diff options
| author | Aaron Patterson <aaron.patterson@gmail.com> | 2016-02-01 17:17:56 -0800 |
|---|---|---|
| committer | Aaron Patterson <aaron.patterson@gmail.com> | 2016-02-01 17:44:33 -0800 |
| commit | 9892626579d1c62c367e5344a1d1642708340f88 (patch) | |
| tree | aaf9f35f2dfe7156d0f4f8ae9b1b31b8c0d0f493 | |
| parent | a7a376a6fa9867f4b1af2d7d12dd22d7042c5fe6 (diff) | |
| download | rails-9892626579d1c62c367e5344a1d1642708340f88.tar.gz rails-9892626579d1c62c367e5344a1d1642708340f88.tar.bz2 rails-9892626579d1c62c367e5344a1d1642708340f88.zip | |
Generated engines should protect from forgery
Generated engines should call `protect_from_forgery`. If this method
isn't called, then the Engine could be susceptible to XSS attacks.
Thanks @tomekr for reporting this to us!
Conflicts:
railties/lib/rails/generators/rails/plugin/templates/app/controllers/%namespaced_name%/application_controller.rb.tt
railties/test/generators/plugin_generator_test.rb
| -rw-r--r-- | railties/lib/rails/generators/rails/plugin_new/templates/app/controllers/%name%/application_controller.rb.tt | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/railties/lib/rails/generators/rails/plugin_new/templates/app/controllers/%name%/application_controller.rb.tt b/railties/lib/rails/generators/rails/plugin_new/templates/app/controllers/%name%/application_controller.rb.tt index 448ad7f989..74ce53c7c3 100644 --- a/railties/lib/rails/generators/rails/plugin_new/templates/app/controllers/%name%/application_controller.rb.tt +++ b/railties/lib/rails/generators/rails/plugin_new/templates/app/controllers/%name%/application_controller.rb.tt @@ -1,4 +1,5 @@ module <%= camelized %> class ApplicationController < ActionController::Base + protect_from_forgery :with => :exception end end |