Interesting. Maybe the wrong place to ask this, but...
Why doesn't Rails strip _snowman out of params automagically so I don't
have to worry about it?
Well you could most likely include your own Rack middleware to "melt the
_snowman" from your params hash. No need to wait (and hope) for the
Rails team to do it for you.
Why not change authenticity_token to contain UTF8 characters?
I would assume that authenticity_token is some form of SHA-1 hash
encoded in Base64, which by definition produces 7-bit ASCII character
strings.
Why not change authenticity_token to contain UTF8 characters?
I would assume that authenticity_token is some form of SHA-1 hash
encoded in Base64, which by definition produces 7-bit ASCII character
strings.
Oh, duh. That makes sense. Still, they could just strip it off the end... but that might be overloading behavior into something that's "been around" for a long time.