This project is archived and is in readonly mode.

#6771 new
Patrick Daryll Glandien

API documentation for RequestForgeryProtection not up-to-date

Reported by Patrick Daryll Glandien | May 8th, 2011 @ 04:53 PM

The API documentation on http://api.rubyonrails.org/classes/ActionController/RequestForgeryP... claims that protect_from_forgery would raise an ActionController::InvalidAuthenticityToken if the CSRF token isn't matched with the expectations.
Earlier this year in the commit https://github.com/rails/rails/commit/ae19e4141f27f80013c11e8b1da68... this behaviour was changed to resetting the session by default on an unverified request (instead of throwing the exception).

No comments found
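
The behaviour change described in the report, as an added example that is not part of the original ticket and is not Rails' own code: a plain-Ruby model (all class and method names are hypothetical) of a forged POST handled first under the documented raise-an-exception behaviour and then under the reset-the-session behaviour the report attributes to the commit.

```ruby
require "securerandom"

# Simplified stand-in for ActionController::InvalidAuthenticityToken (not the Rails class).
class InvalidAuthenticityToken < StandardError; end

# Hypothetical model of a controller; names are illustrative, not Rails internals.
class ModelController
  attr_reader :session

  def initialize(session, strategy)
    @session  = session   # Hash standing in for the Rails session
    @strategy = strategy  # :exception (as documented) or :reset_session (as reported)
  end

  # Non-GET requests must carry the token stored in the session.
  def verified?(method, token)
    method == "GET" || (!token.nil? && token == session[:_csrf_token])
  end

  # Runs the forgery check, then the action; returns what the action did.
  def process(method, token)
    unless verified?(method, token)
      raise InvalidAuthenticityToken if @strategy == :exception
      session.clear       # reset-session behaviour: no exception, request continues
    end
    transfer_funds
  end

  # Constructed action: only acts for a logged-in user.
  def transfer_funds
    session[:user_id] ? "transferred as user #{session[:user_id]}" : "redirect to login"
  end
end

# Constructed sample: a logged-in session and a forged POST with a wrong token.
def forged_post(strategy)
  session = { user_id: 42, _csrf_token: SecureRandom.hex(16) }
  outcome = ModelController.new(session, strategy).process("POST", "wrong-token")
  [outcome, session]
rescue InvalidAuthenticityToken
  [:raised, session]
end

if __FILE__ == $PROGRAM_NAME
  p forged_post(:exception).first      # documented behaviour
  p forged_post(:reset_session).first  # behaviour the report describes
end
```

Under the reset-session behaviour nothing is raised, so an exception handler written against the documented behaviour never runs; the action executes against an empty session instead.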


Tickets have moved to Github

The new ticket tracker is available at https://github.com/rails/rails/issues
