This project is archived and is in readonly mode.

#6674 new
Anton Topchii

forgery protection in master

Reported by Anton Topchii | April 5th, 2011 @ 09:58 PM

Current forgery protection is not raise any exceptions as said in documentation. It just quietly reset session. And request processing goes to controller action.

# CSRF protection is turned on with the protect_from_forgery method, # which will check the token and raise an ActionController::InvalidAuthenticityToken # if it doesn't match what was expected. A call to this method is generated for new # \Rails applications by default. You can customize the error message by editing # public/422.html.

  def verify_authenticity_token
    verified_request? || handle_unverified_request

  def handle_unverified_request

No comments found

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href=""></a>

People watching this ticket