author: Ben Toews <mastahyeti@users.noreply.github.com> 2016-01-04 12:23:55 -0700
committer: Ben Toews <mastahyeti@users.noreply.github.com> 2016-01-04 12:26:38 -0700
commit: 3e98819e20bc113343d4d4c0df614865ad5a9d3a
tree: fa003a9cbbec97f7d1cdb9a87a2c065473ad2e4d /guides/source/configuring.md
parent: e165f7fa6044926796c9d9a8bb9a81bc78431d4f
add option for per-form CSRF tokens
Diffstat (limited to 'guides/source/configuring.md')
-rw-r--r-- guides/source/configuring.md | 2
1 files changed, 2 insertions, 0 deletions
diff --git a/guides/source/configuring.md b/guides/source/configuring.md
index 14ba343520..e9261a3dab 100644
--- a/guides/source/configuring.md
+++ b/guides/source/configuring.md
@@ -345,6 +345,8 @@ The schema dumper adds one additional configuration option:
* `config.action_controller.forgery_protection_origin_check` configures whether the HTTP `Origin` header should be checked against the site's origin as an additional CSRF defense.
+* `config.action_controller.per_form_csrf_tokens` configures whether CSRF tokens are only valid for the method/action they were generated for.
+
* `config.action_controller.relative_url_root` can be used to tell Rails that you are [deploying to a subdirectory](configuring.html#deploy-to-a-subdirectory-relative-url-root). The default is `ENV['RAILS_RELATIVE_URL_ROOT']`.
* `config.action_controller.permit_all_parameters` sets all the parameters for mass assignment to be permitted by default. The default value is `false`.
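Review bot: The new `config.action_controller.per_form_csrf_tokens` entry gives no default value, while the `relative_url_root` and `permit_all_parameters` entries just below it both end with one. Please add a "The default is ..." sentence so a reader can tell whether the tighter token scoping is active without setting anything. The phrase "method/action" is also terse for a configuration guide; saying explicitly that it means the HTTP method and the action, and that a token presented to a different method or action is rejected, would make the security effect of the option clear from this line alone.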