Ruby on Rails
branch: 2-2-stable

This branch is 122 commits ahead, 41729 commits behind master

Change the CSRF whitelisting to only apply to get requests

Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets. To ease the work required to include the CSRF token in Ajax requests, Rails now supports providing the token in a custom HTTP header:

 X-CSRF-Token: ...

This fixes CVE-2011-0447
latest commit c6cb5a5ab0
Michael Koziarski NZKoz authored
actionmailer Prepare for Rails 2.2.3 release.
actionpack Change the CSRF whitelisting to only apply to get requests
activemodel Merge docrails
activerecord Prepare for Rails 2.2.3 release.
activeresource Prepare for Rails 2.2.3 release.
activesupport Ruby 1.9: fix Time#beginning_of_day inaccuracy due to subtracting a F…
ci Move to use pg instead of postgres on the CI server
doc/template Horo rdoc template
railties Prepare for Rails 2.2.3 release.
.gitignore Merge with docrails. Also add a rake task to generate guides in your …
Rakefile
pushgems.rb No more svn version numbers to rely on, use timestamps instead
release.rb Use copy instead of export for release