This project is archived and is in readonly mode.

#6771 new
Patrick Daryll Glandien

API documentation for RequestForgeryProtection not up-to-date

Reported by Patrick Daryll Glandien | May 8th, 2011 @ 04:53 PM

The API documentation on claims that protect_from_forgery would raise an ActionController::InvalidAuthenticityToken if the CSRF token isn't matched with the expectations.
Earlier this year in the commit this behaviour was changed to resetting the session per default on an unverified request (instead of throwing the exception).

No comments found

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href=""></a>

People watching this ticket