diff options
author | eileencodes <eileencodes@gmail.com> | 2015-12-07 09:46:56 -0500 |
---|---|---|
committer | eileencodes <eileencodes@gmail.com> | 2015-12-07 10:38:26 -0500 |
commit | 39794037817703575c35a75f1961b01b83791191 (patch) | |
tree | 7ff1289b9660d0342b3fb748391d6e61c2b61a44 /activesupport/lib/active_support/hash_with_indifferent_access.rb | |
parent | ba1bfa7a542e6c81729c8e0039d3866f549ff109 (diff) | |
download | rails-39794037817703575c35a75f1961b01b83791191.tar.gz rails-39794037817703575c35a75f1961b01b83791191.tar.bz2 rails-39794037817703575c35a75f1961b01b83791191.zip |
Change the `protect_from_forgery` prepend default to `false`
Per this comment
https://github.com/rails/rails/pull/18334#issuecomment-69234050 we want
`protect_from_forgery` to default to `prepend: false`.
`protect_from_forgery` will now be insterted into the callback chain at the
point it is called in your application. This is useful for cases where you
want to `protect_from_forgery` after you perform required authentication
callbacks or other callbacks that are required to run after forgery protection.
If you want `protect_from_forgery` callbacks to always run first, regardless of
position they are called in your application, then you can add `prepend: true`
to your `protect_from_forgery` call.
Example:
```ruby
protect_from_forgery prepend: true
```
Diffstat (limited to 'activesupport/lib/active_support/hash_with_indifferent_access.rb')
0 files changed, 0 insertions, 0 deletions