Change #{a} and #{form} have the option to use authenticity token
Bug #579264 reported by
Dave Cheong
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
play framework |
Won't Fix
|
Undecided
|
Unassigned | ||
1.0 |
Won't Fix
|
Undecided
|
Unassigned | ||
1.1 |
Fix Committed
|
Undecided
|
Unassigned |
Bug Description
In order to make our sites secure from CSRF, an authenticity token is required. This is currently not possible via the #{a} or #{form} tags. This bug is to change #{a} and #{form} to set the authenticity token by default, with an optional switch to turn it off.
See for further information:
http://
A patch to FastTags is provided as an attachment in this bug report.
Changed in play: | |
status: | New → Won't Fix |
To post a comment you must log in.
Path to _a() and _form() with exclusion of the "authentic" attribute from the rendered output