On Sunday 29 June 2008 23:02:58 Rick Olson wrote:
> On 6/20/08, Antonio Tapiador del Dujo <[EMAIL PROTECTED]> wrote:
> > Rails 2.1 Request Forgery Protection is incompatible with AtomPub
> > implementations
> >
> > New 'verifiable_request_format?' function
> > (action_controller/request_forgery_protection.rb:101) is banning DELETE
> > requests, where request.content_type is nil
>
> Shouldn't the content type be application/atom+xml? :atom is in
> unverifiable_types.

I guess it's set to nil by Rails, because of the request body being blank.

> > It also forbids posting any type of media, like images. This should be
> > solved adding every content type to @@unverifiable_types in Mime::Type
> >
> > Any comments?
>
> According to the docs, you can skip request forgery protection by
> skipping the before_filter:
>
> skip_before_filter :verify_authenticity_token

This would prevent forgery protection working for HTML requests

> Do you have any suggestions to make this easier for atompub implementors?

I would suggest some kind of white list like Mime::Type@@unverifiable_types
but for respond_to formats
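An added example, not part of the thread and not Rails source: a simplified Ruby model of the check as the messages describe it, next to the per-format allowlist suggested in the last reply. `Request`, `verified_request?`, the `exempt_formats` argument and all sample values are assumptions made for illustration.

```ruby
# Simplified model of the behaviour described in the thread (not Rails code).
# Request, verified_request? and exempt_formats are hypothetical names.
Request = Struct.new(:verb, :content_type, :format, :token)

# Constructed sample: the thread only states that :atom is unverifiable.
UNVERIFIABLE_TYPES = %w[application/atom+xml].freeze

# Per the thread: a nil content type (blank body) is still treated as
# verifiable, so a body-less DELETE must carry the authenticity token.
def verifiable_request_format?(req)
  req.content_type.nil? || !UNVERIFIABLE_TYPES.include?(req.content_type)
end

# exempt_formats models the suggested allowlist keyed on the respond_to
# format instead of the request body's content type.
def verified_request?(req, session_token, exempt_formats = [])
  return true if req.verb == :get
  return true if exempt_formats.include?(req.format)
  return true unless verifiable_request_format?(req)
  !req.token.nil? && req.token == session_token
end

SESSION_TOKEN = "constructed-token".freeze

# Constructed requests covering the cases raised in the thread.
SAMPLES = {
  "DELETE entry, blank body"   => Request.new(:delete, nil, :atom, nil),
  "POST image to collection"   => Request.new(:post, "image/png", :atom, nil),
  "POST atom entry"            => Request.new(:post, "application/atom+xml", :atom, nil),
  "POST HTML form, no token"   => Request.new(:post, "application/x-www-form-urlencoded", :html, nil),
  "POST HTML form, with token" => Request.new(:post, "application/x-www-form-urlencoded", :html, SESSION_TOKEN)
}.freeze

# Returns { label => [result without allowlist, result with :atom exempt] }.
def compare(samples = SAMPLES)
  samples.map do |label, req|
    [label, [verified_request?(req, SESSION_TOKEN),
             verified_request?(req, SESSION_TOKEN, [:atom])]]
  end.to_h
end

if __FILE__ == $0
  compare.each { |label, (before, after)| puts format("%-28s %-5s -> %s", label, before, after) }
end
```

With the allowlist, the AtomPub DELETE and media POST pass while the token-less HTML form POST is still rejected, which is the property lost when `verify_authenticity_token` is skipped for the whole controller.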
