diff options
| author | Rafael França <rafaelmfranca@gmail.com> | 2017-07-10 17:24:31 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-07-10 17:24:31 -0400 |
| commit | 48cb8b3e7097e9a1cb45b2298f59b9179f0dbdee (patch) | |
| tree | 3829cb73ad09675ba74fa4443d320c8fd3c4384c /guides/source | |
| parent | 3fa66935fd65e2d834dcc743bd835afb5b875f7f (diff) | |
| parent | 73b944eca721be750e1263c15d221f153d1396d0 (diff) | |
| download | rails-48cb8b3e7097e9a1cb45b2298f59b9179f0dbdee.tar.gz rails-48cb8b3e7097e9a1cb45b2298f59b9179f0dbdee.tar.bz2 rails-48cb8b3e7097e9a1cb45b2298f59b9179f0dbdee.zip | |
Merge pull request #29742 from lugray/default_protect_from_forgery
Default protect from forgery
Diffstat (limited to 'guides/source')
| -rw-r--r-- | guides/source/configuring.md | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/guides/source/configuring.md b/guides/source/configuring.md index 21b3ca0efa..28ceef9740 100644 --- a/guides/source/configuring.md +++ b/guides/source/configuring.md @@ -401,6 +401,8 @@ The schema dumper adds one additional configuration option: * `config.action_controller.per_form_csrf_tokens` configures whether CSRF tokens are only valid for the method/action they were generated for. +* `config.action_controller.default_protect_from_forgery` determines whether forgery protection is added on `ActionController:Base`. This is false by default, but enabled when loading defaults for Rails 5.2. + * `config.action_controller.relative_url_root` can be used to tell Rails that you are [deploying to a subdirectory](configuring.html#deploy-to-a-subdirectory-relative-url-root). The default is `ENV['RAILS_RELATIVE_URL_ROOT']`. * `config.action_controller.permit_all_parameters` sets all the parameters for mass assignment to be permitted by default. The default value is `false`. |