You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+12-13Lines changed: 12 additions & 13 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -16,23 +16,11 @@ Requirements
16
16
------------
17
17
18
18
-[jQuery 1.4.4][jquery] or later;
19
-
- for Ruby on Rails only: `<%= csrf_meta_tag %>` in the HEAD of your HTML layout;
19
+
- for Ruby on Rails only: `<%= csrf_meta_tags %>` in the HEAD of your HTML layout (Rails 3.1)
20
20
- HTML5 doctype (optional).
21
21
22
22
If you don't use HTML5, adding "data" attributes to your HTML4 or XHTML pages might make them fail [W3C markup validation][validator]. However, this shouldn't create any issues for web browsers or other user agents.
23
23
24
-
In Ruby on Rails 3, the `csrf_meta_tag` helper generates two meta tags containing values necessary for [cross-site request forgery protection][csrf] built into Rails. If you're using Rails 2, here is how to implement that helper:
25
-
26
-
# app/helpers/application_helper.rb
27
-
def csrf_meta_tag
28
-
if protect_against_forgery?
29
-
out = %(<meta name="csrf-param" content="%s"/>\n)
30
-
out << %(<meta name="csrf-token" content="%s"/>)
31
-
out % [ Rack::Utils.escape_html(request_forgery_protection_token),
@@ -70,6 +58,17 @@ Configure the following in your application startup file:
70
58
71
59
Now the template helper `javascript_include_tag :defaults` will generate SCRIPT tags to load jQuery and rails.js.
72
60
61
+
In Ruby on Rails 3.1, the `csrf_meta_tags` helper generates two meta tags containing values necessary for [cross-site request forgery protection][csrf] built into Rails. In Rails 3.0, the helper is named `csrf_meta_tag`. If you're using Rails 2, here is how to implement that helper:
62
+
63
+
# app/helpers/application_helper.rb
64
+
def csrf_meta_tag
65
+
if protect_against_forgery?
66
+
out = %(<meta name="csrf-param" content="%s"/>\n)
67
+
out << %(<meta name="csrf-token" content="%s"/>)
68
+
out % [ Rack::Utils.escape_html(request_forgery_protection_token),
[data]: http://dev.w3.org/html5/spec/elements.html#embedding-custom-non-visible-data-with-the-data-attributes"Embedding custom non-visible data with the data-* attributes"
0 commit comments