
Extract form_authenticity_param instance method so it's overridable in subclasses
1 parent df0720b commit a942d66597166ed6ad087733416b148cf21193e3 @jeremy jeremy committed Nov 18, 2009
@@ -89,9 +89,13 @@ def verified_request?
request.method == :get ||
request.xhr? ||
!verifiable_request_format? ||
- form_authenticity_token == params[request_forgery_protection_token]
+ form_authenticity_token == form_authenticity_param
end
-
+
+ def form_authenticity_param
+ params[request_forgery_protection_token]
+ end
+
def verifiable_request_format?
!request.content_type.nil? && request.content_type.verify_request?
end
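Review bot: The new `form_authenticity_param` has no comment stating its contract, although after this change it is the only request-side value `verified_request?` compares with the session token, so an override decides whether the forgery check holds. I would add above it `# The form's authenticity parameter. Override to read the token from elsewhere in the request; it must be a value the client supplied, never a constant or the session token itself.` The hunk does not show which visibility section these methods sit in; because this is controller code, please confirm the new method lands in the same non-public section as `verified_request?` so it is not reachable as an action. The changed line still compares with plain `==`, and a constant-time comparison would be a reasonable follow-up. `verified_request?` begins above the hunk.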
@@ -22,7 +22,7 @@ def remote_form
def unsafe
render :text => 'pwn'
end
-
+
def rescue_action(e) raise e end
end
@@ -44,6 +44,13 @@ def show_button
end
end
+class CustomAuthenticityParamController < RequestForgeryProtectionController
+ def form_authenticity_param
+ 'foobar'
+ end
+end
+
+
# common test methods
module RequestForgeryProtectionTests
@@ -245,3 +252,14 @@ def test_should_allow_all_methods_without_token
end
end
end
+
+class CustomAuthenticityParamControllerTest < ActionController::TestCase
+ def setup
+ ActionController::Base.request_forgery_protection_token = :authenticity_token
+ end
+
+ def test_should_allow_custom_token
+ post :index, :authenticity_token => 'foobar'
+ assert_response :ok
+ end
+end
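Review bot: `test_should_allow_custom_token` cannot fail for the reason it is meant to guard. The `CustomAuthenticityParamController` override added earlier in this file returns the literal `'foobar'` without reading `params`, so the `:authenticity_token => 'foobar'` passed to `post` never reaches the comparison, and nothing in the visible `setup` fixes the session token to `'foobar'`. If the request is accepted, it may be because an earlier branch of `verified_request?` skipped verification rather than because the override matched; this is inferred, as the rest of the test file is outside the hunks. I would pin the session token in `setup` and add a negative case, e.g. `def test_should_reject_non_matching_custom_token`, using an override that returns a different value and asserting the request is rejected. A comment on the fixture such as `# Test stub: fixed value to prove the hook is consulted; real overrides must read the request.` would also keep it from being copied as a pattern.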
