diff options
| author | Patrik Bóna <patrik.bona@mrhead.sk> | 2018-04-09 12:26:24 +0200 |
|---|---|---|
| committer | Patrik Bóna <patrik.bona@mrhead.sk> | 2018-04-09 12:26:24 +0200 |
| commit | 34ab9982dc15f7f87253dabc67ec5c5e55f84e77 (patch) | |
| tree | 51e5260ba12b4ed2a7cb0d78b8d5ad0b40a9e82b | |
| parent | bc9fb9cf8b5dbe8ecf399ffd5d48d84bdb96a9db (diff) | |
| download | rails-34ab9982dc15f7f87253dabc67ec5c5e55f84e77.tar.gz rails-34ab9982dc15f7f87253dabc67ec5c5e55f84e77.tar.bz2 rails-34ab9982dc15f7f87253dabc67ec5c5e55f84e77.zip | |
Improve the null origin error message
| -rw-r--r-- | actionpack/lib/action_controller/metal/request_forgery_protection.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb index 94092de96c..fc9cf8aaff 100644 --- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb +++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb @@ -417,7 +417,7 @@ module ActionController #:nodoc: NULL_ORIGIN_MESSAGE = <<~MSG The browser returned a 'null' origin for a request with origin-based forgery protection turned on. This usually - means you have the 'no-referrer' Referrer-Policy header enabled, or that you the request came from a site that + means you have the 'no-referrer' Referrer-Policy header enabled, or that the request came from a site that refused to give its origin. This makes it impossible for Rails to verify the source of the requests. Likely the best solution is to change your referrer policy to something less strict like same-origin or strict-same-origin. If you cannot change the referrer policy, you can disable origin checking with the |