开发者

rails 3 protect_from_forgery not doing anything

问答 作者:

I tried to fake forgery request in my rails 3.0.8 app with no success

I have regular form and I changed the auth key with Tamper before submit it at this point I would expect rails to reset the session and therefor signout the current_user however it didn't happen, the action completed successfully and the user stay signed in

I have the protect_from_forgery statement in my application contro开发者_StackOverflow中文版ller and I tried to change config.consider_all_requests_local to false

Indeed... it does something but you have to code it.

The previous behavior was removed, it's a controversial decision but you can get it back including the following code in your ApplicationController:

def handle_unverified_request
  #add here code to empty the session
  raise ActionController::InvalidAuthenticityToken
end

继续阅读:ruby-on-railsruby-on-rails-3

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9