This repository has been archived by the owner on May 16, 2021. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Ensure that session contains a csrf token after "safe" requests
Currently, `AuthenticityToken#accepts?` will only add an authenticity token to the session if the request is "unsafe". By default, this means that the first POST/PUT/DELETE request from every session is guaranteed to fail. (see: #60) This changeset rearranges a few lines in `AuthenticityToken#accepts?` to do conditional assignment of `session[:csrf]` every time the method is called--even for safe requests.
- Loading branch information