> GET requests using Cookies for authentication. That returns non-public data.

Most of the time this is the case. JS templates return whole forms with authenticity_token in it!

On Saturday, November 30, 2013 7:45:08 AM UTC+7, Godfrey Chan wrote:
>
> On Fri, Nov 29, 2013 at 7:27 AM, Egor Homakov <[email protected]> wrote:
>
>> @dhh as I mentioned above for GET request this will always be a security
>> breach.
>
> GET requests using Cookies for authentication. That returns non-public
> data.
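
The case discussed in this message, as an added example that is not part of the original thread and is not Rails' own code: a browser attaches cookies to a GET request even when another origin triggers it, so a JavaScript response that embeds `authenticity_token` must not be served unless the request proves it came from same-origin script. The Rack-style middleware below assumes the `X-Requested-With: XMLHttpRequest` header as that proof; the class name, sample app and path are hypothetical.

```ruby
# Added example: refuse JavaScript bodies on GET requests that were not sent via XHR.
# A plain cross-origin resource load cannot set custom request headers, so the
# absence of X-Requested-With marks a request that should not receive the JS body.
class BlockCrossOriginJs # hypothetical name
  JS_TYPES = %w[text/javascript application/javascript application/x-javascript].freeze

  def initialize(app)
    @app = app
  end

  def call(env)
    status, headers, body = @app.call(env)
    if env["REQUEST_METHOD"] == "GET" && javascript?(headers) && !xhr?(env)
      # The action has already run; what is withheld is the response body.
      body.close if body.respond_to?(:close)
      return [403, { "Content-Type" => "text/plain" }, ["JavaScript response refused"]]
    end
    [status, headers, body]
  end

  private

  def javascript?(headers)
    # Header names are case-insensitive; parameters such as charset are ignored.
    pair = headers.find { |name, _| name.to_s.downcase == "content-type" }
    return false unless pair
    JS_TYPES.include?(pair[1].to_s.split(";").first.to_s.strip.downcase)
  end

  def xhr?(env)
    env["HTTP_X_REQUESTED_WITH"].to_s.casecmp?("XMLHttpRequest")
  end
end

# Constructed sample app: a JS template that renders a form containing the token.
JS_APP = lambda do |_env|
  [200, { "Content-Type" => "text/javascript; charset=utf-8" },
   ["$('#form').html('<input name=\"authenticity_token\" value=\"PLACEHOLDER\">');"]]
end

# Returns the status the middleware yields for a GET to the sample app.
def demo_status(extra_env = {})
  env = { "REQUEST_METHOD" => "GET", "PATH_INFO" => "/posts/new.js" }.merge(extra_env)
  BlockCrossOriginJs.new(JS_APP).call(env).first
end
```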
