New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implemented #csrf_meta_tags #1379

Merged
merged 1 commit into from Aug 20, 2013

Conversation

Projects
None yet
2 participants
@dariocravero
Contributor

dariocravero commented Aug 6, 2013

  • Implemented #csrf_meta_tags. It complies with Rails implementation
    and will generate two meta tags one with the csrf-param your app is
    expecting and the other with the csrf-token. Fixes #1127 and #1251.
  • Added a csrf_param setting to allow you to tell what your CSRF token's
    field name should be when sent as a form parameter. It defaults to
    authenticity_token. rack-protection doesn't allow for that param to
    be set, so if you do so and want the middleware to work correctly you'll
    have to patch it or use your own validations for now - see this.
  • Refactored and cleaned up the CSRF helpers' code base and some
    helpers' tests.
- Implemented #csrf_meta_tags. It complies with [Rails
  implementation](#1127 (comment))
and will generate two meta tags one with the `csrf-param` your app is
expecting and the other with the `csrf-token`. Fixes #1127 and #1251.
- Added a csrf_param setting to allow you to tell what your CSRF token's
  field name should be when sent as a form parameter. It defaults to
`authenticity_token`. `rack-protection` doesn't allow for that param to
be set, so if you do so and want the middleware to work correctly you'll
have to patch it or use your own validations for now - [see this](sinatra/rack-protection#65).
- Refactored and cleaned up the CSRF helpers' code base and some
  helpers' tests.
@Ortuna

This comment has been minimized.

Show comment
Hide comment
@Ortuna

Ortuna Aug 20, 2013

Member

A lot cleaner! Thanks @dariocravero.

Member

Ortuna commented Aug 20, 2013

A lot cleaner! Thanks @dariocravero.

Ortuna added a commit that referenced this pull request Aug 20, 2013

@Ortuna Ortuna merged commit 1bf047c into master Aug 20, 2013

1 check passed

default The Travis CI build passed
Details

@Ortuna Ortuna deleted the csrf-helpers-cleanup branch Aug 20, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment