Just would like to verify:
Is protect_from_forgery (in Rails 2.1) == the csrf_killer plugin from Rick Olson?
Thanks, Wes
Just would like to verify:
Is protect_from_forgery (in Rails 2.1) == the csrf_killer plugin from Rick Olson?
Yup, it was merged in in rails 2.0
Fred
Thanks, Frederick.
Follow - up: Is there anything that precludes using protect_from_forgery with a DB session store?
Wes
Thanks, Frederick.
Follow - up: Is there anything that precludes using
protect_from_forgery with a DB session store?
nope (you do however need to pass a secret to protect_from_forgery)
Fred
Yeah, I just verified that.
Sorry, I should have tested it first.
