Hi !! I'm reading the rails guides about security, i had a question about the forgery protection
If we consider a standard Restful resource ( generated with scaffold for example ), the update and create actions are protected from forgery attacks thanks to the authenticity token, but what about the destroy method ?? <a href="/posts/2" data-method="delete"rel="nofollow">Supprimer</a> A third party website could paste a link with the same href and other attributes and changing the link text et that would indeed destroy my post wouldn'it ?? There's no token here .. Thanks -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-t...@googlegroups.com. To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
