Ruby on Rails
Branch: 2-2-stable
Change the CSRF whitelisting to only apply to GET requests

Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets. To ease the work required to include the CSRF token in Ajax requests, Rails now supports providing the token in a custom HTTP header:

 X-CSRF-Token: ...

This fixes CVE-2011-0447.
latest commit c6cb5a5ab0
@NZKoz NZKoz authored
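To illustrate the rule this commit describes, here is an added example (not Rails' own code, and not from the commit itself) of a minimal CSRF check: GET and HEAD are exempt, every other method must present the session token either as the `authenticity_token` form parameter or the `X-CSRF-Token` header, and an `X-Requested-With: XMLHttpRequest` header on its own no longer counts. The request/session shapes and the class name `CsrfCheck` are assumptions made for the example.

```ruby
require 'securerandom'

# Hypothetical minimal model of the check described in the commit message
# (added example, not Rails' own implementation).
class CsrfCheck
  # Only idempotent read methods are exempt from the token check.
  SAFE_METHODS = %w[GET HEAD].freeze
  PARAM_NAME  = 'authenticity_token'
  HEADER_NAME = 'X-CSRF-Token'

  # A fresh random token to be stored in the user's session.
  def self.generate_token
    SecureRandom.hex(32)
  end

  # request: Hash with :method (String), :params (Hash), :headers (Hash).
  # session_token: the token stored server-side for this session.
  # Returns true when the request may proceed.
  def self.verified?(request, session_token)
    method = request[:method].to_s.upcase
    return true if SAFE_METHODS.include?(method)

    # Accept the token from the form body or from the custom header.
    # Note: no browser sniffing and no "is it XHR?" shortcut here; those
    # are exactly the heuristics the commit message says were bypassable.
    presented = request.dig(:params, PARAM_NAME) ||
                request.dig(:headers, HEADER_NAME)
    return false if presented.nil? || session_token.nil?

    secure_equal?(presented.to_s, session_token.to_s)
  end

  # Constant-time comparison so token checking does not leak by timing.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end
```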