Permalink
Browse files

put authenticity_token option in parity w/ remote

[#6228 state:committed]

Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
  • Loading branch information...
1 parent a3f5d71 commit 3026843dc1ff42a632ebe989e1f6dfadb0cd10a5 Dan Pickett committed with spastorino Feb 6, 2011
@@ -304,16 +304,15 @@ module FormHelper
# When you build forms to external resources sometimes you need to set an authenticity token or just render a form
# without it, for example when you submit data to a payment gateway number and types of fields could be limited.
#
- # To set an authenticity token you need to pass an <tt>:authenticity_token</tt> parameter in the <tt>:html</tt>
- # options section:
+ # To set an authenticity token you need to pass an <tt>:authenticity_token</tt> parameter
#
- # <%= form_for @invoice, :url => external_url, :html => { :authenticity_token => 'external_token' } do |f|
+ # <%= form_for @invoice, :url => external_url, :authenticity_token => 'external_token' do |f|
# ...
# <% end %>
#
# If you don't want to an authenticity token field be rendered at all just pass <tt>false</tt>:
#
- # <%= form_for @invoice, :url => external_url, :html => { :authenticity_token => false } do |f|
+ # <%= form_for @invoice, :url => external_url, :authenticity_token => false do |f|
# ...
# <% end %>
def form_for(record, options = {}, &proc)
@@ -332,6 +331,8 @@ def form_for(record, options = {}, &proc)
end
options[:html][:remote] = options.delete(:remote)
+ options[:html][:authenticity_token] = options.delete(:authenticity_token)
+
builder = options[:parent_builder] = instantiate_builder(object_name, object, options, &proc)
fields_for = fields_for(object_name, object, options, &proc)
default_options = builder.multipart? ? { :multipart => true } : {}
@@ -29,11 +29,11 @@ def meta
end
def external_form_for
- render :inline => "<%= form_for(:some_resource, :html => { :authenticity_token => 'external_token' }) {} %>"
+ render :inline => "<%= form_for(:some_resource, :authenticity_token => 'external_token') {} %>"
end
def form_for_without_protection
- render :inline => "<%= form_for(:some_resource, :html => { :authenticity_token => false }) {} %>"
+ render :inline => "<%= form_for(:some_resource, :authenticity_token => false ) {} %>"
end
def rescue_action(e) raise e end

0 comments on commit 3026843

Please sign in to comment.