From c0af16b0ba2791f8bb34cb2154c5db52df435dec Mon Sep 17 00:00:00 2001 From: Severin Schoepke Date: Fri, 22 May 2009 14:10:43 +0200 Subject: [PATCH] prototype helper no longer include a authenticity token when generating an ajax request with method get --- .../lib/action_view/helpers/prototype_helper.rb | 2 +- actionpack/test/template/prototype_helper_test.rb | 26 ++++++++++++++++++++ 2 files changed, 27 insertions(+), 1 deletions(-) diff --git a/actionpack/lib/action_view/helpers/prototype_helper.rb b/actionpack/lib/action_view/helpers/prototype_helper.rb index c0f5df3..cac4bd1 100644 --- a/actionpack/lib/action_view/helpers/prototype_helper.rb +++ b/actionpack/lib/action_view/helpers/prototype_helper.rb @@ -1058,7 +1058,7 @@ module ActionView js_options['parameters'] = options[:with] end - if protect_against_forgery? && !options[:form] + if protect_against_forgery? && !options[:form] && !options[:method].to_s.match(/get/i) if js_options['parameters'] js_options['parameters'] << " + '&" else diff --git a/actionpack/test/template/prototype_helper_test.rb b/actionpack/test/template/prototype_helper_test.rb index f9f418a..9a94463 100644 --- a/actionpack/test/template/prototype_helper_test.rb +++ b/actionpack/test/template/prototype_helper_test.rb @@ -300,6 +300,32 @@ class PrototypeHelperTest < PrototypeHelperBaseTest end end +class PrototypeHelperWithForgeryProtectionTest < PrototypeHelperBaseTest + + def test_link_to_remote_method_post + assert_dom_equal %(posting), + link_to_remote("posting", { :url => { :action => "whatnot" }, :method => :post }) + end + + def test_link_to_remote_method_get + assert_dom_equal %(getting), + link_to_remote("getting", { :url => { :action => "whatnot" }, :method => :get }) + end + + protected + def request_forgery_protection_token + :auth_token + end + + def form_authenticity_token + 'some token' + end + + def protect_against_forgery? + true + end +end + class JavaScriptGeneratorTest < PrototypeHelperBaseTest def setup super -- 1.6.0.2