Ruby on Rails

branch: 2-2-stable

This branch is 122 commits ahead and 34869 commits behind master

Change the CSRF whitelisting to only apply to GET requests

Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets. To ease the work required to include the CSRF token in Ajax requests, Rails now supports providing the token in a custom HTTP header:

 X-CSRF-Token: ...

This fixes CVE-2011-0447
latest commit c6cb5a5ab0
Michael Koziarski NZKoz authored January 13, 2011
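As an added illustration (not Rails' own code, and not part of this commit), the policy the commit message describes, reduced to a standalone Ruby class: GET requests are exempt from the check, every other method must present the per-session token either as a form parameter (here named authenticity_token, an assumed name) or in the X-CSRF-Token header, and the X-Requested-With header no longer counts for anything, since a Flash or Java plugin can set it. Request and session are plain hashes here, an assumption made so the example runs without a web framework.

```ruby
# Added example, not Rails code: a minimal CSRF verifier that mirrors the
# policy in the commit message above. The request and session are plain
# hashes (an assumption made so the code runs stand-alone).
require 'securerandom'

class CsrfVerifier
  TOKEN_PARAM  = 'authenticity_token' # assumed form parameter name
  TOKEN_HEADER = 'X-CSRF-Token'       # header named in the commit message

  # session: a Hash that persists across requests for one user
  def initialize(session)
    @session = session
  end

  # Returns the per-session token, creating it on first use.
  def session_token
    @session[:csrf_token] ||= SecureRandom.hex(16)
  end

  # Only GET is exempt. POST, PUT, DELETE and friends must carry the
  # session token either as a form parameter or in the X-CSRF-Token header.
  # Whether the request looks like XHR (X-Requested-With) is deliberately
  # ignored: that whitelist is what Flash/Java could forge.
  def verified?(request)
    return true if request[:method].to_s.upcase == 'GET'
    submitted = request[:params][TOKEN_PARAM] || request[:headers][TOKEN_HEADER]
    return false if submitted.nil?
    secure_compare(submitted.to_s, session_token)
  end

  private

  # Constant-time comparison so a wrong token does not leak how many
  # leading bytes matched.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    res = 0
    a.bytes.zip(b.bytes) { |x, y| res |= x ^ y }
    res.zero?
  end
end

# Builds a constructed request hash; xhr: true adds the header the old
# whitelist trusted, to show it no longer has any effect.
def build_request(method, params: {}, headers: {}, xhr: false)
  headers = headers.dup
  headers['X-Requested-With'] = 'XMLHttpRequest' if xhr
  { method: method, params: params, headers: headers }
end

if __FILE__ == $0
  session = {}
  verifier = CsrfVerifier.new(session)
  token = verifier.session_token
  puts "GET, no token:        #{verifier.verified?(build_request('GET'))}"
  puts "POST, XHR only:       #{verifier.verified?(build_request('POST', xhr: true))}"
  puts "POST, param token:    #{verifier.verified?(build_request('POST', params: { 'authenticity_token' => token }))}"
  puts "DELETE, header token: #{verifier.verified?(build_request('DELETE', headers: { 'X-CSRF-Token' => token }))}"
  puts "POST, wrong header:   #{verifier.verified?(build_request('POST', headers: { 'X-CSRF-Token' => 'wrong' }))}"
end
```

The only difference between the old and new behaviour is the first line of verified?: previously an XHR request (or a request from a "known" browser) was accepted without a token, now only the method decides whether a token is required at all.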
actionmailer    Prepare for Rails 2.2.3 release.    September 03, 2009
actionpack      Change the CSRF whitelisting to only apply to GET requests    January 17, 2011
activemodel     Merge docrails    September 03, 2008
activerecord    Prepare for Rails 2.2.3 release.    September 03, 2009
activeresource  Prepare for Rails 2.2.3 release.    September 03, 2009
activesupport   Ruby 1.9: fix Time#beginning_of_day inaccuracy due to subtracting a F…    September 13, 2009
ci              Move to use pg instead of postgres on the CI server    January 29, 2009
doc             Horo rdoc template    June 22, 2008
railties        Prepare for Rails 2.2.3 release.    September 03, 2009
.gitignore      Merge with docrails. Also add a rake task to generate guides in your …    October 21, 2008
Rakefile        Horo rdoc template    June 22, 2008
pushgems.rb     Use current time as build number    October 19, 2008
release.rb      A few updates, still in progress    September 04, 2008