Change #{a} and #{form} have the option to use authenticity token
Bug #579264 reported by
Dave Cheong
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| play framework |
Won't Fix
|
Undecided
|
Unassigned | ||
| 1.0 |
Won't Fix
|
Undecided
|
Unassigned | ||
| 1.1 |
Fix Committed
|
Undecided
|
Unassigned | ||
Bug Description
In order to make our sites secure from CSRF, an authenticity token is required. This is currently not possible via the #{a} or #{form} tags. This bug is to change #{a} and #{form} to set the authenticity token by default, with an optional switch to turn it off.
See for further information:
http://
A patch to FastTags is provided as an attachment in this bug report.
Revision history for this message
| Dave Cheong (dc-davecheong) wrote | #2 |
| Changed in play: | |
| status: | New → Won't Fix |
To post a comment you must log in.
Path to _a() and _form() with exclusion of the "authentic" attribute from the rendered output