diff options
| author | John Barton (joho) <jrbarton@gmail.com> | 2014-03-05 11:24:51 +1100 |
|---|---|---|
| committer | John Barton (joho) <jrbarton@gmail.com> | 2014-03-05 11:31:57 +1100 |
| commit | 67584c6ae37c88f8abba6f4fbdeedc7c1a6dfa1b (patch) | |
| tree | 6c41b63806c25e48f96db2f5bfc26cb2ebda085c /actionpack/lib/action_controller/metal | |
| parent | 475c96589ca65282e1a61350271c2f83f0d4044f (diff) | |
| download | rails-67584c6ae37c88f8abba6f4fbdeedc7c1a6dfa1b.tar.gz rails-67584c6ae37c88f8abba6f4fbdeedc7c1a6dfa1b.tar.bz2 rails-67584c6ae37c88f8abba6f4fbdeedc7c1a6dfa1b.zip | |
Make CSRF failure logging optional/configurable.
Added the log_warning_on_csrf_failure option to ActionController::RequestForgeryProtection
which is on by default.
Diffstat (limited to 'actionpack/lib/action_controller/metal')
| -rw-r--r-- | actionpack/lib/action_controller/metal/request_forgery_protection.rb | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb index c88074d4c6..e3b1f5ae7c 100644 --- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb +++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb @@ -68,6 +68,10 @@ module ActionController #:nodoc: config_accessor :allow_forgery_protection self.allow_forgery_protection = true if allow_forgery_protection.nil? + # Controls whether a CSRF failure logs a warning. On by default. + config_accessor :log_warning_on_csrf_failure + self.log_warning_on_csrf_failure = true + helper_method :form_authenticity_token helper_method :protect_against_forgery? end @@ -193,7 +197,9 @@ module ActionController #:nodoc: mark_for_same_origin_verification! if !verified_request? - logger.warn "Can't verify CSRF token authenticity" if logger + if logger && log_warning_on_csrf_failure + logger.warn "Can't verify CSRF token authenticity" + end handle_unverified_request end end |