Permalink
Browse files

Expose CSRF param name also

  • Loading branch information...
1 parent 09a88a3 commit 2191aa47acc0a560366c8c09fa9635602cff5f07 @jeremy jeremy committed Feb 4, 2010
@@ -4,7 +4,7 @@ module CsrfHelper
# Returns a meta tag with the request forgery protection token for forms to use. Put this in your head.
def csrf_meta_tag
if protect_against_forgery?
- %(<meta name="csrf-token" content="#{Rack::Utils.escape(form_authenticity_token)}"/>).html_safe
+ %(<meta name="csrf-param" content="#{Rack::Utils.escape(request_forgery_protection_token)}"/>\n<meta name="csrf-token" content="#{Rack::Utils.escape(form_authenticity_token)}"/>).html_safe
end
end
end
@@ -218,7 +218,7 @@ def setup
test 'should emit a csrf-token meta tag' do
get :meta
- assert_equal %(<meta name="csrf-token" content="#{@token}"/>), @response.body
+ assert_equal %(<meta name="csrf-param" content="authenticity_token"/>\n<meta name="csrf-token" content="#{@token}"/>), @response.body
end
end

0 comments on commit 2191aa4

Please sign in to comment.