Extract form_authenticity_param instance method so it's overridable in subclasses
commit e1385be025263fad6d339010d42fe553d1de64af 1 parent ea290e7
@jeremy jeremy authored
5 actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -101,6 +101,11 @@ def form_authenticity_token
session[:_csrf_token] ||= ActiveSupport::SecureRandom.base64(32)
end
+ # The form's authenticity parameter. Override to provide your own.
+ def form_authenticity_param
+ params[request_forgery_protection_token]
+ end
+
def protect_against_forgery?
allow_forgery_protection
end
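Review bot: Nothing in this file's diff calls form_authenticity_param: the file's five changed lines are exactly the five added here, so the request check itself is untouched. If that check still reads params[request_forgery_protection_token] directly, overriding the new method has no effect, so route the comparison through form_authenticity_param. The comment should also say what the returned value is checked against and that an override must take it from the current request.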
20 actionpack/test/controller/request_forgery_protection_test.rb
@@ -18,7 +18,7 @@ def remote_form
def unsafe
render :text => 'pwn'
end
-
+
def rescue_action(e) raise e end
end
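Review bot: The only change in this hunk is the blank line after unsafe, removed and re-added, which makes it a whitespace-only edit unrelated to form_authenticity_param. Leave it out of this commit.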
@@ -40,6 +40,13 @@ def show_button
end
end
+class CustomAuthenticityParamController < RequestForgeryProtectionController
+ def form_authenticity_param
+ 'foobar'
+ end
+end
+
+
# common test methods
module RequestForgeryProtectionTests
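Review bot: The override in CustomAuthenticityParamController returns the constant 'foobar' and never reads the request, so the fixture does not model the case the method was extracted for. Have it read the token from a differently named request parameter or a header, and drop the second of the two blank lines added after the class.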
@@ -241,3 +248,14 @@ def test_should_allow_all_methods_without_token
end
end
end
+
+class CustomAuthenticityParamControllerTest < ActionController::TestCase
+ def setup
+ ActionController::Base.request_forgery_protection_token = :authenticity_tok
+ end
+
+ def test_should_allow_custom_token
+ post :index, :authenticity_token => 'foobar'
+ assert_response :ok
+ end
+end
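Review bot: test_should_allow_custom_token has no negative counterpart, so it cannot show that the overridden value is what gets verified. The override returns 'foobar' whatever is posted, and setup does not fix the session token that form_authenticity_token generates with SecureRandom.base64(32), so it is unclear what 'foobar' is matched against. Add a test asserting that a request carrying a wrong value is rejected. Also, setup sets request_forgery_protection_token to :authenticity_tok while the post sends :authenticity_token; the two names should agree.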
