-
Make logging of CSRF failures optional (but on by default) with the
log_warning_on_csrf_failure
configuration setting inActionController::RequestForgeryProtection
.John Barton
-
Fix URL generation in controller tests with request-dependent
default_url_options
methods.Tony Wooster
Please check 4-1-stable for previous changes.