aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_controller/metal/request_forgery_protection.rb
diff options
context:
space:
mode:
authorPatrik Bóna <patrik.bona@mrhead.sk>2018-04-09 12:26:24 +0200
committerPatrik Bóna <patrik.bona@mrhead.sk>2018-04-09 12:26:24 +0200
commit34ab9982dc15f7f87253dabc67ec5c5e55f84e77 (patch)
tree51e5260ba12b4ed2a7cb0d78b8d5ad0b40a9e82b /actionpack/lib/action_controller/metal/request_forgery_protection.rb
parentbc9fb9cf8b5dbe8ecf399ffd5d48d84bdb96a9db (diff)
downloadrails-34ab9982dc15f7f87253dabc67ec5c5e55f84e77.tar.gz
rails-34ab9982dc15f7f87253dabc67ec5c5e55f84e77.tar.bz2
rails-34ab9982dc15f7f87253dabc67ec5c5e55f84e77.zip
Improve the null origin error message
Diffstat (limited to 'actionpack/lib/action_controller/metal/request_forgery_protection.rb')
-rw-r--r--actionpack/lib/action_controller/metal/request_forgery_protection.rb2
1 files changed, 1 insertions, 1 deletions
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index 94092de96c..fc9cf8aaff 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -417,7 +417,7 @@ module ActionController #:nodoc:
NULL_ORIGIN_MESSAGE = <<~MSG
The browser returned a 'null' origin for a request with origin-based forgery protection turned on. This usually
- means you have the 'no-referrer' Referrer-Policy header enabled, or that you the request came from a site that
+ means you have the 'no-referrer' Referrer-Policy header enabled, or that the request came from a site that
refused to give its origin. This makes it impossible for Rails to verify the source of the requests. Likely the
best solution is to change your referrer policy to something less strict like same-origin or strict-same-origin.
If you cannot change the referrer policy, you can disable origin checking with the