Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Expose CSRF param name also

  • Loading branch information...
commit 2191aa47acc0a560366c8c09fa9635602cff5f07 1 parent 09a88a3
@jeremy jeremy authored
View
2  actionpack/lib/action_view/helpers/csrf_helper.rb
@@ -4,7 +4,7 @@ module CsrfHelper
# Returns a meta tag with the request forgery protection token for forms to use. Put this in your head.
def csrf_meta_tag
if protect_against_forgery?
- %(<meta name="csrf-token" content="#{Rack::Utils.escape(form_authenticity_token)}"/>).html_safe
+ %(<meta name="csrf-param" content="#{Rack::Utils.escape(request_forgery_protection_token)}"/>\n<meta name="csrf-token" content="#{Rack::Utils.escape(form_authenticity_token)}"/>).html_safe
end
end
end
View
2  actionpack/test/controller/request_forgery_protection_test.rb
@@ -218,7 +218,7 @@ def setup
test 'should emit a csrf-token meta tag' do
get :meta
- assert_equal %(<meta name="csrf-token" content="#{@token}"/>), @response.body
+ assert_equal %(<meta name="csrf-param" content="authenticity_token"/>\n<meta name="csrf-token" content="#{@token}"/>), @response.body
end
end
Please sign in to comment.
Something went wrong with that request. Please try again.