I'm currently working on a big project which uses Rails 3.2 and have no opportunity to move to the Rails 4. As I know, Rails 3 has CSRF protection vulnerability when you have JS views, which are requested by GET. In the Rails 4 it was fixed by this PR.
Does anyone know how can I patch Rails 3 to fix this vulnerability?
Aucun commentaire:
Enregistrer un commentaire