Wednesday, March 28, 2012
That seems like it breaks any kind of progressive AJAX enhancement, since a remote submit form, submitted normally, will now fail CSRF protection.
On Wednesday, 28 March 2012 04:25:14 UTC+1, bill walton wrote:
Hi Santiago,--On Tue, Mar 27, 2012 at 12:16 PM, Santiago Pastorino
<REMOVED> wrote:
> Rails 3.2.3.rc1 has been released.
<snip>
> *ActionPack*
>
> * Do not include the authenticity token in forms where remote: true
> as ajax forms use the meta-tag value *DHH*Could you please point me to more on this?
Thanks,
Bill
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/L7iE5xkW0dMJ.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment