开发者

Rails default CSRF Meta Tags not validating

I've just validated a new site a new site that i've written using Rails 3 with the W3C markup validation and i'm getting errors about the CSRF tags that rails generates.

"Bad value csrf-param for attribute name on element meta: Keyw开发者_运维技巧ord csrf-param is not registered."

<meta name="csrf-param" content="authenticity_token"/>

AND

"Bad value csrf-token for attribute name on element meta: Keyword csrf-token is not registered."

<meta name="csrf-token" content="{token}"/>

I have my DOCTYPE set to

<!DOCTYPE html>

As far as i was aware i shouldn't have to add anything else. Can anyone shed any light on this please?

EDIT

I'm using HAML and wondered whether that could be a contributing factor so i set up a test page which has a single controller/action/view and only uses the Rails default erb templates. The problem still occurs.

http://validator.w3.org/check?uri=http%3A%2F%2Fcsrftestsite.heroku.com%2Fhome&charset=%28detect+automatically%29&doctype=Inline&group=0&user-agent=W3C_Validator%2F1.2


You shouldn't really worry about this. The HTML5 meta tag is pretty open with its use. All this validation is saying is that those technically aren't "legal" HTML5 metadata names according to the W3C spec, but it will not affect functionality. Here's a list of the proposed extensions for the meta tag:

http://wiki.whatwg.org/wiki/MetaExtensions

csrf-token and csrf-param are already on the list in "Proposal" status. If these get added to the W3C spec you shouldn't see this validation error anymore.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜