aboutsummaryrefslogtreecommitdiffstats
path: root/activestorage
diff options
context:
space:
mode:
authorGeorge Claghorn <george@basecamp.com>2017-11-21 14:59:30 -0500
committerGeorge Claghorn <george@basecamp.com>2017-11-21 14:59:30 -0500
commit4d5f0bb30b5ac76407c9864b83b69b8a83ac3dd6 (patch)
tree50f5614e078d58ff0292e26fde8eed70b5931eda /activestorage
parent3fa812615a28f9c6392c433f3b08c41c5efb999f (diff)
downloadrails-4d5f0bb30b5ac76407c9864b83b69b8a83ac3dd6.tar.gz
rails-4d5f0bb30b5ac76407c9864b83b69b8a83ac3dd6.tar.bz2
rails-4d5f0bb30b5ac76407c9864b83b69b8a83ac3dd6.zip
Fix loading ActiveStorage::DiskController when CSRF protection is disabled by default
Diffstat (limited to 'activestorage')
-rw-r--r--activestorage/app/controllers/active_storage/disk_controller.rb2
1 files changed, 1 insertions, 1 deletions
diff --git a/activestorage/app/controllers/active_storage/disk_controller.rb b/activestorage/app/controllers/active_storage/disk_controller.rb
index 8caecfff49..a7e10c0696 100644
--- a/activestorage/app/controllers/active_storage/disk_controller.rb
+++ b/activestorage/app/controllers/active_storage/disk_controller.rb
@@ -5,7 +5,7 @@
# Always go through the BlobsController, or your own authenticated controller, rather than directly
# to the service url.
class ActiveStorage::DiskController < ActionController::Base
- skip_forgery_protection
+ skip_forgery_protection if default_protect_from_forgery
def show
if key = decode_verified_key