Permalink
Browse files

Add text/plain to the browser_generated_types array as webkit and gec…

…ko can submit them.

For more information see:

http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/
  • Loading branch information...
1 parent 2530d0e commit 8c197fb4ab4fa432a6e9421e0339a17a7ec296f1 @NZKoz NZKoz committed Nov 16, 2008
Showing with 2 additions and 2 deletions.
  1. +2 −2 actionpack/lib/action_controller/mime_type.rb
@@ -25,7 +25,7 @@ class Type
# These are the content types which browsers can generate without using ajax, flash, etc
# i.e. following a link, getting an image or posting a form. CSRF protection
# only needs to protect against these types.
- @@browser_generated_types = Set.new [:html, :url_encoded_form, :multipart_form]
+ @@browser_generated_types = Set.new [:html, :url_encoded_form, :multipart_form, :text]
cattr_reader :browser_generated_types
@@ -177,7 +177,7 @@ def ==(mime_type)
end
# Returns true if Action Pack should check requests using this Mime Type for possible request forgery. See
- # ActionController::RequestForgerProtection.
+ # ActionController::RequestForgeryProtection.
def verify_request?
browser_generated?
end

0 comments on commit 8c197fb

Please sign in to comment.