forgery protection in master #1000
Imported from Lighthouse. Original ticket at: http://rails.lighthouseapp.com/projects/8994/tickets/6674
Current forgery protection does not raise any exceptions as said in the documentation. It just quietly resets the session, and request processing goes to the controller action.
CSRF protection is turned on with the protect_from_forgery method,
which will check the token and raise an ActionController::InvalidAuthenticityToken
if it doesn't match what was expected. A call to this method is generated for new
\Rails applications by default. You can customize the error message by editing