This project is archived and is in readonly mode.

#321 ✓stale
Michael Trim

Add magic encoding comment to generated files

Reported by Michael Trim | June 3rd, 2008 @ 08:05 PM

This patch adds an option to prevent the CSRF (Cross-Site Request Forgery) protection token being included for an individual form, whilst still having the forgery protection enabled.

This is intented only for situations where the form is being submitted to a third-party (e.g. an external search). In such cases, CSRF protection is not needed and revealing the token to the third party is a security risk as they could then submit requests as the user.

Passes existing tests and adds one new test.

Comments and changes to this ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>

Pages