This project is archived and is in readonly mode.
forgery protection in master
Reported by Anton Topchii | April 5th, 2011 @ 09:58 PM
Current forgery protection is not raise any exceptions as said in documentation. It just quietly reset session. And request processing goes to controller action.
# CSRF protection is turned on with the protect_from_forgery method, # which will check the token and raise an ActionController::InvalidAuthenticityToken # if it doesn't match what was expected. A call to this method is generated for new # \Rails applications by default. You can customize the error message by editing # public/422.html.
def verify_authenticity_token
verified_request? || handle_unverified_request
end
def handle_unverified_request
reset_session
end
No comments found
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile »
<h2 style="font-size: 14px">Tickets have moved to Github</h2>
The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>
Anton Topchii