Forum: Rails-core (closed, excessive spam) request_forgery_protection_token should be set at ActionController::Base load time

request_forgery_protection_token should be set at ActionController::Base load time
Posted by José Valim (josevalim)
on 2008-06-12 14:18
(Received via mailing list) 
If @@request_forgery_protection_token is not set in
ActionController::Base, it can raise an InvalidAuthenticityToken error
when one controller creates a form that will post in another
controller.

Patch and better explanation here:

http://rails.lighthouseapp.com/projects/8994-ruby-...
Edit | Move | Delete topic | Reply with quote
Enable email notification | Enable multi-page view
This topic is locked and can not be replied to.
Powered by RForum and Captchator. Contact information - E-Mail: webmaster (at) ruby-forum (dot) com.