Rails 3.2.3.rc2 has been released.
Rails 3.2.3 introduced a new option that allows you to control the behavior of remote forms when it comes to authenticity_token
generation. If you want to fragment cache your forms, authenticity token will also get cached, which isn’t acceptable. However, if you only use such forms with ajax, you can disable token generation, because it will be fetched from meta
tag. Starting with 3.2.3, you have an option to stop generating authenticity_token
in remote forms (ie. :remote => true
is passed as an option), by setting config.action_view.embed_authenticity_token_in_remote_forms = false
. Please note that this will break sending those forms with javascript disabled. If you choose to not generate the token in remote forms by default, you can still explicitly pass :authenticity_token => true
when generating the form to bypass this setting.
The option defaults to true
, which means that existing apps are NOT affected.
This RC includes this authenticity_token change and 2 bug fixes described below. If there are no more release blockers, I will be releasing the final version on March 30th (tomorrow). If you find something please open an issue on github and let me know through email (santiago at wyeworks.com), tweet (spastorino) or cc me on the github issue.
Action Mailer
Action Pack
Active Model
Active Record
Active Resource
Active Support
Railties
You can find the list of all changes made between 3.2.3.rc1 and 3.2.3.rc2 here and an exhaustive list of changes between 3.2.2 and 3.2.3.rc2 here.
Thanks to everyone, this is your last chance to hold the release if something goes wrong. So please, give this release a try :).