Protect from forgery by default

Rather than protecting from forgery in the generated ApplicationController, add it to ActionController::Base by config. This configuration defaults to false to support older versions which have removed it from their ApplicationController, but is set to true for Rails 5.2.
author: Lisa Ugray <lisa.ugray@shopify.com> 2017-07-10 11:12:45 -0400
committer: Lisa Ugray <lisa.ugray@shopify.com> 2017-07-10 16:23:47 -0400
commit: ec4a836919c021c0a5cf9ebeebb4db5e02104a55 (patch)
tree: ae03e9e4fdff6d55fec6477e4a50c5f9750c9bd7 /railties/lib/rails/application/configuration.rb
parent: b6300f3ecc79bff29cf9bb804a30fd92403feac1 (diff)
download: rails-ec4a836919c021c0a5cf9ebeebb4db5e02104a55.tar.gz
rails-ec4a836919c021c0a5cf9ebeebb4db5e02104a55.tar.bz2
rails-ec4a836919c021c0a5cf9ebeebb4db5e02104a55.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/railties/lib/rails/application/configuration.rb b/railties/lib/rails/application/configuration.rb
index 7e1359c42b..d403c4fa7c 100644
--- a/railties/lib/rails/application/configuration.rb
+++ b/railties/lib/rails/application/configuration.rb
@@ -96,6 +96,10 @@ module Rails
             active_support.use_authenticated_message_encryption = true
           end
 
+          if respond_to?(:action_controller)
+            action_controller.default_protect_from_forgery = true
+          end
+
         else
           raise "Unknown version #{target_version.to_s.inspect}"
         end
author	Lisa Ugray <lisa.ugray@shopify.com>	2017-07-10 11:12:45 -0400
committer	Lisa Ugray <lisa.ugray@shopify.com>	2017-07-10 16:23:47 -0400
commit	ec4a836919c021c0a5cf9ebeebb4db5e02104a55 (patch)
tree	ae03e9e4fdff6d55fec6477e4a50c5f9750c9bd7 /railties/lib/rails/application/configuration.rb
parent	b6300f3ecc79bff29cf9bb804a30fd92403feac1 (diff)
download	rails-ec4a836919c021c0a5cf9ebeebb4db5e02104a55.tar.gz rails-ec4a836919c021c0a5cf9ebeebb4db5e02104a55.tar.bz2 rails-ec4a836919c021c0a5cf9ebeebb4db5e02104a55.zip