Just would like to verify:
Is protect_from_forgery (in Rails 2.1) == the csrf_killer plugin from
Rick O.?
Thanks,
Wes
On 6 Sep 2008, at 07:08, Wes G. [email protected]
wrote:
Just would like to verify:
Is protect_from_forgery (in Rails 2.1) == the csrf_killer plugin from
Rick O.?
Yup, it was merged in in rails 2.0
Fred
Thanks, Frederick.
Follow - up: Is there anything that precludes using protect_from_forgery
with a DB session store?
Wes
On 6 Sep 2008, at 20:04, Wes G. wrote:
Thanks, Frederick.
Follow - up: Is there anything that precludes using
protect_from_forgery
with a DB session store?
nope (you do however need to pass a secret to protect_from_forgery)
Fred
Yeah, I just verified that.
Sorry, I should have tested it first.