]> git.openstreetmap.org Git - rails.git/commit
projects / rails.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0b87b00) | patch
Get rid of custom CSRF protection for user role changes
authorTom Hughes <tom@compton.nu>
Tue, 20 Mar 2012 16:22:07 +0000 (16:22 +0000)
committerTom Hughes <tom@compton.nu>
Tue, 20 Mar 2012 17:21:13 +0000 (17:21 +0000)
commit5f33656c8d6725969ac63dbfe038633ad0e4352f
tree2fa73dfe186f8badb2b2baeb4be1bdf7ddedb4bdtree | snapshot
parent0b87b003ee01bc7be53faa1ec994e52fa1074533commit | diff
Get rid of custom CSRF protection for user role changes

By restricting role changes to POST requests, which they should be
anyway, we get all the rails CSRF protection for free.
app/controllers/user_roles_controller.rb diff | blob | history
app/views/user/view.html.erb diff | blob | history
app/views/user_roles/grant.html.erb [deleted file] blob | history
app/views/user_roles/revoke.html.erb [deleted file] blob | history
config/routes.rb diff | blob | history
db/structure.sql diff | blob | history
test/functional/user_roles_controller_test.rb diff | blob | history
test/integration/user_roles_test.rb diff | blob | history
The OpenStreetMap web site