authorLisa Ugray <lisa.ugray@shopify.com>2017-07-10 11:12:45 -0400
committerLisa Ugray <lisa.ugray@shopify.com>2017-07-10 16:23:47 -0400
commitec4a836919c021c0a5cf9ebeebb4db5e02104a55 (patch)
treeae03e9e4fdff6d55fec6477e4a50c5f9750c9bd7 /actionpack/lib/action_controller/metal/request_forgery_protection.rb
parentb6300f3ecc79bff29cf9bb804a30fd92403feac1 (diff)
Protect from forgery by default
Rather than protecting from forgery in the generated ApplicationController, add it to ActionController::Base by config. This configuration defaults to false to support older versions which have removed it from their ApplicationController, but is set to true for Rails 5.2.
Diffstat (limited to 'actionpack/lib/action_controller/metal/request_forgery_protection.rb')
-rw-r--r--actionpack/lib/action_controller/metal/request_forgery_protection.rb4
1 files changed, 4 insertions, 0 deletions
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index 4468cbb2fc..117dee2219 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -85,6 +85,10 @@ module ActionController #:nodoc:
config_accessor :per_form_csrf_tokens
self.per_form_csrf_tokens = false
+ # Controls whether forgery protection is enabled by default.
+ config_accessor :default_protect_from_forgery
+ self.default_protect_from_forgery = false
+
helper_method :form_authenticity_token
helper_method :protect_against_forgery?
end
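Review bot: The comment above `config_accessor :default_protect_from_forgery` does not state that the value assigned on the next line is `false`, nor what that means for an application; this matters because it is a CSRF control whose off state is silent. Going by the commit description, an app that does not pick up the Rails 5.2 setting and has no `protect_from_forgery` call of its own would presumably run without the check. The comment should say so, for example `# Controls whether forgery protection is enabled by default. Off (false) unless configured;` followed by `# when off, a controller is only protected if it calls protect_from_forgery itself.` The code that reads this setting is not in this hunk, so the wording should be confirmed against it. The enclosing block starts above the hunk.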