cesarfigueroa closed 11 years ago
Hi! I found your commit with the gems-status software (github.com/jordimassaguerpla/gems-status) and I am wondering if I should update my apps that use your software because of this commit. Is this a security issue? Thanks.
No, this is not a security issue.
The culprit:
Because AuthenticityToken returns true if a request is not a POST, PUT or DELETE one, the token never gets set until a form is sent.