path: root/actionpack/lib/action_controller/metal/request_forgery_protection.rb
author: Tom Richards <tom@tomrichards.net> 2019-03-17 15:22:36 -0400
committer: Tom Richards <tom@tomrichards.net> 2019-03-17 15:22:36 -0400
commit: f80871fe6057d82fa218500e615a899245371071 (patch)
tree: 9dfc6c0fdbc913bd2e373ed0283b1cb4b185f2fa /actionpack/lib/action_controller/metal/request_forgery_protection.rb
parent: 98e380f02452ee2597d122c76fd6b3a802f73333 (diff)
Suggest 'strict-origin' Referrer-Policy header
Diffstat (limited to 'actionpack/lib/action_controller/metal/request_forgery_protection.rb')
-rw-r--r-- actionpack/lib/action_controller/metal/request_forgery_protection.rb 2
1 files changed, 1 insertions, 1 deletions
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index cb109c6ad8..4bf8d90b69 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -431,7 +431,7 @@ module ActionController #:nodoc:
The browser returned a 'null' origin for a request with origin-based forgery protection turned on. This usually
means you have the 'no-referrer' Referrer-Policy header enabled, or that the request came from a site that
refused to give its origin. This makes it impossible for Rails to verify the source of the requests. Likely the
- best solution is to change your referrer policy to something less strict like same-origin or strict-same-origin.
+ best solution is to change your referrer policy to something less strict like same-origin or strict-origin.
If you cannot change the referrer policy, you can disable origin checking with the
Rails.application.config.action_controller.forgery_protection_origin_check setting.
MSG
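Review bot: On the changed line the policy names are unquoted, while 'no-referrer' earlier in the same message is quoted. Quoting them as 'same-origin' or 'strict-origin' would mark them as literal Referrer-Policy values to copy, which matters here because the value being replaced, strict-same-origin, is not a defined Referrer-Policy value and a reader who copied it would have gained nothing. The phrase "something less strict like ... strict-origin" also reads as contradictory at first glance; wording such as "a policy that still sends the origin, like 'same-origin' or 'strict-origin'" would state what the origin check actually needs.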