author | Carlos Antonio da Silva <carlosantoniodasilva@gmail.com> | 2012-03-10 11:02:27 -0300 |
---|---|---|
committer | Santiago Pastorino <santiago@wyeworks.com> | 2012-03-14 12:46:23 -0300 |
commit | 5c8c7ca2f99903533175e6da1da61fd349bce261 (patch) | |
tree | e1973b09b2aafa5ddf3c2fb30ea2e461c41b0aae | |
parent | 4c16791f355c74f8e6ad916e67fd4ae81efbf708 (diff) | |
Add http-only option to Rails app generator
Change application controller template accordingly, to inherit from
ActionController::HTTP and not generate protect_from_forgery call.
[Carlos Antonio da Silva & Santiago Pastorino]
4 files changed, 18 insertions, 5 deletions
diff --git a/railties/lib/rails/generators/app_base.rb b/railties/lib/rails/generators/app_base.rb index 8e9083e6eb..f3333d0acb 100644 --- a/railties/lib/rails/generators/app_base.rb +++ b/railties/lib/rails/generators/app_base.rb @@ -58,6 +58,9 @@ module Rails class_option :skip_test_unit, :type => :boolean, :aliases => "-T", :default => false, :desc => "Skip Test::Unit files" + class_option :http_only, :type => :boolean, :default => false, + :desc => "Preconfigure smaller stack for HTTP only apps" + class_option :help, :type => :boolean, :aliases => "-h", :group => :rails, :desc => "Show this help message and quit" end diff --git a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb deleted file mode 100644 index b3d6adad2a..0000000000 --- a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb +++ /dev/null @@ -1,5 +0,0 @@ -class ApplicationController < ActionController::Base - # prevent CSRF attacks by raising an exception, - # if your application has an API, you'll probably need to use :reset_session - protect_from_forgery :with => :exception -end diff --git a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt new file mode 100644 index 0000000000..699b2c1119 --- /dev/null +++ b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt @@ -0,0 +1,5 @@ +class ApplicationController < ActionController::<%= options.http_only? ? "HTTP" : "Base" %> + # Prevent CSRF attacks by raising an exception. + # For APIs, you may want to use :reset_session instead. + <%= comment_if :http_only %>protect_from_forgery :with => :exception +end 
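Review bot: In the new `application_controller.rb.tt`, the two comment lines above `protect_from_forgery` are emitted unchanged when `--http-only` is set, so the generated controller says "Prevent CSRF attacks by raising an exception" directly above a call that, judging by the `comment_if :http_only` prefix and the generator test, is commented out. An HTTP-only app that still authenticates clients with cookies or a session would then start without forgery protection, and nothing in the generated file says so. I would make the comment conditional on the option, for the http_only case something like `# CSRF protection is not enabled for HTTP-only apps; enable it if clients authenticate with cookies or sessions.` `comment_if` is defined outside this diff, and whether `ActionController::HTTP` provides `protect_from_forgery` at all is not visible here, so both points should be confirmed against the rest of the tree.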
diff --git a/railties/test/generators/app_generator_test.rb b/railties/test/generators/app_generator_test.rb index 4db0cdc28e..d20dbc2e3b 100644 --- a/railties/test/generators/app_generator_test.rb +++ b/railties/test/generators/app_generator_test.rb @@ -361,6 +361,16 @@ class AppGeneratorTest < Rails::Generators::TestCase assert_file "config/application.rb", /config\.active_record\.dependent_restrict_raises = false/ end + def test_http_only_generates_application_controller_with_action_controller_http + run_generator [destination_root, "--http-only"] + assert_file "app/controllers/application_controller.rb", /class ApplicationController < ActionController::HTTP/ + end + + def test_http_only_generates_application_controller_with_protect_from_forgery_commented_out_setup + run_generator [destination_root, "--http"] + assert_file "app/controllers/application_controller.rb", /^ # protect_from_forgery/ + end + def test_pretend_option output = run_generator [File.join(destination_root, "myapp"), "--pretend"] assert_no_match(/run bundle install/, output) |
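Review bot: The second added test, `test_http_only_generates_application_controller_with_protect_from_forgery_commented_out_setup`, passes `"--http"`, while the option added in app_base.rb is `:http_only` and the first test uses `"--http-only"`. Unless the option parser resolves the shortened form, this test does not exercise the flag it is named for; I would write `run_generator [destination_root, "--http-only"]`. Since the template now decides whether CSRF protection is generated, it would also help to assert the default case, that an app generated without the flag still contains an uncommented `protect_from_forgery :with => :exception`. The enclosing `AppGeneratorTest` class starts and ends outside this hunk.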