```ruby
# this monkey patch for Rails 2.3.5 means each action has its own token, I'm not
# sure if this actually makes things more secure or worse.
ActionController::RequestForgeryProtection.class_eval do
  # One session key, and therefore one token, per controller/action pair.
  def form_authenticity_token_with_action(*args)
    session_var_name = "_csrf_token_#{controller_name}_#{action_name}"
    session[session_var_name.to_sym] ||= ActiveSupport::SecureRandom.base64(32)
  end
  # Wraps the stock method; the original stays reachable as
  # form_authenticity_token_without_action.
  alias_method_chain :form_authenticity_token, :action
end
```
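An added example, not part of the paste and not Rails code: a plain-Ruby model of what the per-action lookup does when a form rendered by one action posts to another, next to an alternative that derives an action-scoped token from one session secret. It assumes, as Rails 2.3.5's `verified_request?` does, that verification compares the submitted value with `form_authenticity_token` evaluated in the receiving action; every helper name and the `posts` controller are hypothetical.

```ruby
require "openssl"
require "securerandom"

# Plain-Ruby model; `session` is a Hash standing in for the Rails session.
# All helper names below are hypothetical, not Rails API.

# The paste's behaviour: one random token per controller/action, stored
# under the name of whichever action is running when the method is called.
def per_action_token(session, controller, action)
  session[:"_csrf_token_#{controller}_#{action}"] ||= SecureRandom.base64(32)
end

# Verification re-evaluates the token inside the action receiving the POST.
def paste_verifies?(session, controller, receiving_action, submitted)
  per_action_token(session, controller, receiving_action) == submitted
end

# Alternative: a single session secret; the form carries
# HMAC(secret, "controller#target_action") for the action it posts to.
def scoped_token(session, controller, target_action)
  secret = (session[:_csrf_secret] ||= SecureRandom.random_bytes(32))
  OpenSSL::HMAC.hexdigest("SHA256", secret, "#{controller}##{target_action}")
end

# Length check plus XOR accumulation, so timing does not reveal where a
# mismatch occurs.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

def scoped_verifies?(session, controller, receiving_action, submitted)
  expected = scoped_token(session, controller, receiving_action)
  constant_time_equal?(expected, submitted.to_s)
end

# Constructed scenario: a form rendered by posts#new and posted to posts#create.
def demo
  session = {}
  from_new = per_action_token(session, "posts", "new")
  for_create = scoped_token(session, "posts", "create")
  { paste_new_to_create: paste_verifies?(session, "posts", "create", from_new),
    scoped_create: scoped_verifies?(session, "posts", "create", for_create),
    scoped_reused_on_destroy: scoped_verifies?(session, "posts", "destroy", for_create) }
end

p demo if $PROGRAM_NAME == __FILE__
```

In this model the token issued while rendering `new` is rejected by `create`, because the lookup key follows the running action rather than the form's target.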