Fix direct uploads to local service

Disable CSRF protection for ActiveStorage::DiskController#update. The local disk service is intended to imitate a third-party service like S3 or GCS, so we don't care where direct uploads originate: they’re authorized by signed tokens. Closes #30290. [Shinichi Maeshima & George Claghorn]
author: George Claghorn <george@basecamp.com> 2017-11-20 10:52:54 -0500
committer: George Claghorn <george@basecamp.com> 2017-11-20 10:54:46 -0500
commit: 2d20a7696a761b1840bc2fbe09a2fd4bff2a779f (patch)
tree: f3fc409d686bd97219147bb4ae14d93a0c5fdbf8 /activestorage/test/dummy
parent: 951e2715b578e75a37b4cee914b9076df920cab4 (diff)
download: rails-2d20a7696a761b1840bc2fbe09a2fd4bff2a779f.tar.gz
rails-2d20a7696a761b1840bc2fbe09a2fd4bff2a779f.tar.bz2
rails-2d20a7696a761b1840bc2fbe09a2fd4bff2a779f.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/activestorage/test/dummy/config/environments/test.rb b/activestorage/test/dummy/config/environments/test.rb
index ce0889e8ae..74a802d98c 100644
--- a/activestorage/test/dummy/config/environments/test.rb
+++ b/activestorage/test/dummy/config/environments/test.rb
@@ -30,6 +30,9 @@ Rails.application.configure do
   # Print deprecation notices to the stderr.
   config.active_support.deprecation = :stderr
 
+  # Disable request forgery protection in test environment.
+  config.action_controller.allow_forgery_protection = false
+
   # Raises error for missing translations
   # config.action_view.raise_on_missing_translations = true
 end
author	George Claghorn <george@basecamp.com>	2017-11-20 10:52:54 -0500
committer	George Claghorn <george@basecamp.com>	2017-11-20 10:54:46 -0500
commit	2d20a7696a761b1840bc2fbe09a2fd4bff2a779f (patch)
tree	f3fc409d686bd97219147bb4ae14d93a0c5fdbf8 /activestorage/test/dummy
parent	951e2715b578e75a37b4cee914b9076df920cab4 (diff)
download	rails-2d20a7696a761b1840bc2fbe09a2fd4bff2a779f.tar.gz rails-2d20a7696a761b1840bc2fbe09a2fd4bff2a779f.tar.bz2 rails-2d20a7696a761b1840bc2fbe09a2fd4bff2a779f.zip