On 6/20/08, Antonio Tapiador del Dujo <[EMAIL PROTECTED]> wrote: > > Rails 2.1 Request Forgery Protection is incompatible with AtomPub > implementations > > New 'verifiable_request_format?' function > (action_controller/request_forgery_protection.rb:101) is banning DELETE > requests, where request.content_type is nil
Shouldn't the content type be application/atom+xml? :atom is in unverifiable_types. > It also forbids posting any type of media, like images. This should we solved > adding every content type to @@unverifiable_types in Mime::Type > > Any comments? According to the docs, you can skip request forgery protection by skipping the before_filter: skip_before_filter :verify_authenticity_token Do you have any suggestions to make this easier for atompub implementors? -- Rick Olson http://lighthouseapp.com http://weblog.techno-weenie.net http://mephistoblog.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en -~----------~----~----~----~------~----~------~--~---
