New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Do not add authenticity token to GET form #1314

Merged
merged 2 commits into from Jun 21, 2013

Conversation

Projects
None yet
2 participants
@carlosipe
Contributor

carlosipe commented Jun 20, 2013

CSRF protection does not work in GET requests. It has no sense to add authenticity token to the form when http method is GET.

@Ortuna

This comment has been minimized.

Show comment
Hide comment
@Ortuna

Ortuna Jun 20, 2013

Member

Hi @carlosipe, thanks for the contribution! Could you also add a test for this?
see this PR for a similar example.

Thanks

Member

Ortuna commented Jun 20, 2013

Hi @carlosipe, thanks for the contribution! Could you also add a test for this?
see this PR for a similar example.

Thanks

@carlosipe

This comment has been minimized.

Show comment
Hide comment
@carlosipe

carlosipe Jun 21, 2013

Contributor

Hey @Ortuna, I added some tests according to the example you've indicated. Let me know if it's okay or you need me to change anything. Thank you!

Contributor

carlosipe commented Jun 21, 2013

Hey @Ortuna, I added some tests according to the example you've indicated. Let me know if it's okay or you need me to change anything. Thank you!

Ortuna added a commit that referenced this pull request Jun 21, 2013

Merge pull request #1314 from carlosipe/master
Do not add authenticity token to GET form

@Ortuna Ortuna merged commit 719a0cb into padrino:master Jun 21, 2013

1 check passed

default The Travis CI build passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment