author | Rafael França <rafaelmfranca@gmail.com> | 2016-01-06 02:55:10 -0200 |
---|---|---|
committer | Rafael França <rafaelmfranca@gmail.com> | 2016-01-06 02:55:10 -0200 |
commit | ced9612b59d1a8fdd38ac1669cf1e6bd43220a24 (patch) | |
tree | 7538e45b68b9d25cd6903cd3eb690a1fc3dfdf43 /guides/source | |
parent | 5c9a0a4a082a474a7bc0a5dabc390eea22a294ea (diff) | |
parent | 3e98819e20bc113343d4d4c0df614865ad5a9d3a (diff) | |
Merge pull request #22275 from mastahyeti/per-form-csrf
Per-form CSRF tokens
Diffstat (limited to 'guides/source')
-rw-r--r-- | guides/source/configuring.md | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/guides/source/configuring.md b/guides/source/configuring.md index 14ba343520..e9261a3dab 100644 --- a/guides/source/configuring.md +++ b/guides/source/configuring.md @@ -345,6 +345,8 @@ The schema dumper adds one additional configuration option: * `config.action_controller.forgery_protection_origin_check` configures whether the HTTP `Origin` header should be checked against the site's origin as an additional CSRF defense. +* `config.action_controller.per_form_csrf_tokens` configures whether CSRF tokens are only valid for the method/action they were generated for. + * `config.action_controller.relative_url_root` can be used to tell Rails that you are [deploying to a subdirectory](configuring.html#deploy-to-a-subdirectory-relative-url-root). The default is `ENV['RAILS_RELATIVE_URL_ROOT']`. * `config.action_controller.permit_all_parameters` sets all the parameters for mass assignment to be permitted by default. The default value is `false`. |
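Review bot: the added `config.action_controller.per_form_csrf_tokens` bullet in guides/source/configuring.md does not state the option's default, while the `relative_url_root` and `permit_all_parameters` entries right after it do ("The default value is `false`."). Because this setting changes which requests a CSRF token is accepted for, the entry should say what the default is, so a reader can tell whether the stricter check applies without any configuration. The phrase "the method/action they were generated for" would also be clearer if it spelled out that "method" is the HTTP method and said whether "action" means the form's action URL or the controller action.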