Add http-only option to Rails app generator

Change application controller template accordingly, to inherit from ActionController::HTTP and not generate protect_from_forgery call. [Carlos Antonio da Silva & Santiago Pastorino]
author: Carlos Antonio da Silva <carlosantoniodasilva@gmail.com> 2012-03-10 11:02:27 -0300
committer: Santiago Pastorino <santiago@wyeworks.com> 2012-03-14 12:46:23 -0300
commit: 5c8c7ca2f99903533175e6da1da61fd349bce261 (patch)
tree: e1973b09b2aafa5ddf3c2fb30ea2e461c41b0aae /railties/lib/rails/generators
parent: 4c16791f355c74f8e6ad916e67fd4ae81efbf708 (diff)
download: rails-5c8c7ca2f99903533175e6da1da61fd349bce261.tar.gz
rails-5c8c7ca2f99903533175e6da1da61fd349bce261.tar.bz2
rails-5c8c7ca2f99903533175e6da1da61fd349bce261.zip
3 files changed, 8 insertions, 5 deletions
diff --git a/railties/lib/rails/generators/app_base.rb b/railties/lib/rails/generators/app_base.rb
index 8e9083e6eb..f3333d0acb 100644
--- a/railties/lib/rails/generators/app_base.rb
+++ b/railties/lib/rails/generators/app_base.rb
@@ -58,6 +58,9 @@ module Rails
         class_option :skip_test_unit,     :type => :boolean, :aliases => "-T", :default => false,
                                           :desc => "Skip Test::Unit files"
 
+        class_option :http_only,          :type => :boolean, :default => false,
+                                          :desc => "Preconfigure smaller stack for HTTP only apps"
+
         class_option :help,               :type => :boolean, :aliases => "-h", :group => :rails,
                                           :desc => "Show this help message and quit"
       end
diff --git a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb
deleted file mode 100644
index b3d6adad2a..0000000000
--- a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-class ApplicationController < ActionController::Base
-  # prevent CSRF attacks by raising an exception,
-  # if your application has an API, you'll probably need to use :reset_session
-  protect_from_forgery :with => :exception
-end
diff --git a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt
new file mode 100644
index 0000000000..699b2c1119
--- /dev/null
+++ b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt
@@ -0,0 +1,5 @@
+class ApplicationController < ActionController::<%= options.http_only? ? "HTTP" : "Base" %>
+  # Prevent CSRF attacks by raising an exception.
+  # For APIs, you may want to use :reset_session instead.
+  <%= comment_if :http_only %>protect_from_forgery :with => :exception
+end
author	Carlos Antonio da Silva <carlosantoniodasilva@gmail.com>	2012-03-10 11:02:27 -0300
committer	Santiago Pastorino <santiago@wyeworks.com>	2012-03-14 12:46:23 -0300
commit	5c8c7ca2f99903533175e6da1da61fd349bce261 (patch)
tree	e1973b09b2aafa5ddf3c2fb30ea2e461c41b0aae /railties/lib/rails/generators
parent	4c16791f355c74f8e6ad916e67fd4ae81efbf708 (diff)
download	rails-5c8c7ca2f99903533175e6da1da61fd349bce261.tar.gz rails-5c8c7ca2f99903533175e6da1da61fd349bce261.tar.bz2 rails-5c8c7ca2f99903533175e6da1da61fd349bce261.zip