…lication code before it fires.
…tributes already persisted does not render properly Signed-off-by: Santiago Pastorino <firstname.lastname@example.org>
Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets. To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header: X-CSRF-Token: ... This fixes CVE-2011-0447
… filesystems. This fixes CVE-2011-0449
…nment more similar to the code applications uses
… useful when using a select helper with a boolean attribute, and the attribute is false. (e.g. f.select :allow_comments)
…o be duplicated or grow forever if you call register_*_expansion more than once Fix a Regression introduced here 55b13c5