…every ajax request.
Unfortunately, the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets. To ease the work required to include the CSRF token in Ajax requests, Rails now supports providing the token in a custom HTTP header: X-CSRF-Token: ... This fixes CVE-2011-0447.
… filesystems. This fixes CVE-2011-0449
…e' into 3-0-stable * jonleighton/deprecate_habtm_attributes-3-0-stable: Added deprecation warning for has_and_belongs_to_many associations where the join table has additional attributes other than the keys. Access to these attributes is removed in 3.1. Please use has_many :through instead.
This reverts commit fd19ade.
This reverts commit 1e98920.
… second" This reverts commit 35984f5.
this can provide a significant performance boost during testing, by preventing the GC from running too frequently.
this prevents test state from accumulating, resulting in leaked objects and slow tests due to overactive GC.
…EQUEST_METHOD from rack. This takes _method into account so the log shows the method which ActionController sees.
…ere the join table has additional attributes other than the keys. Access to these attributes is removed in 3.1. Please use has_many :through instead.
…nment more similar to the code applications use