diff options
| author | Sergey Nartimov <just.lest@gmail.com> | 2012-03-09 19:33:06 +0300 |
|---|---|---|
| committer | Sergey Nartimov <just.lest@gmail.com> | 2012-03-09 19:33:06 +0300 |
| commit | 245941101b1ea00a9b1af613c20b0ee994a43946 (patch) | |
| tree | a00431449c3dd935677a3fcb8728aa0dfb4b3cba /railties/lib/rails | |
| parent | 7638004d7d23df668ec33a3c570b7865e0d06a06 (diff) | |
| download | rails-245941101b1ea00a9b1af613c20b0ee994a43946.tar.gz rails-245941101b1ea00a9b1af613c20b0ee994a43946.tar.bz2 rails-245941101b1ea00a9b1af613c20b0ee994a43946.zip | |
configure how unverified request will be handled
can be configured using `:with` option in `protect_from_forgery` method
or `request_forgery_protection_method` config option
possible values:
- :reset_session (default)
- :exception
new applications are generated with:
protect_from_forgery :with => :exception
Diffstat (limited to 'railties/lib/rails')
| -rw-r--r-- | railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb index e8065d9505..b3d6adad2a 100644 --- a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb +++ b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb @@ -1,3 +1,5 @@ class ApplicationController < ActionController::Base - protect_from_forgery + # prevent CSRF attacks by raising an exception, + # if your application has an API, you'll probably need to use :reset_session + protect_from_forgery :with => :exception end |