diff options
| author | Aaron Patterson <aaron.patterson@gmail.com> | 2016-02-01 17:17:56 -0800 |
|---|---|---|
| committer | Aaron Patterson <aaron.patterson@gmail.com> | 2016-02-01 17:18:08 -0800 |
| commit | 538bce1f7c676f4a5b3d800ed0f68ec065776a7f (patch) | |
| tree | 1c92ddf619d9b4f1c6326993dba7500051f51ac4 /railties/lib/rails | |
| parent | 96b9609e2b006d7b75d099a29729fe8d805f12bf (diff) | |
| download | rails-538bce1f7c676f4a5b3d800ed0f68ec065776a7f.tar.gz rails-538bce1f7c676f4a5b3d800ed0f68ec065776a7f.tar.bz2 rails-538bce1f7c676f4a5b3d800ed0f68ec065776a7f.zip | |
Generated engines should protect from forgery
Generated engines should call `protect_from_forgery`. If this method
isn't called, then the Engine could be susceptible to XSS attacks.
Thanks @tomekr for reporting this to us!
Diffstat (limited to 'railties/lib/rails')
| -rw-r--r-- | railties/lib/rails/generators/rails/plugin/templates/app/controllers/%namespaced_name%/application_controller.rb.tt | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/railties/lib/rails/generators/rails/plugin/templates/app/controllers/%namespaced_name%/application_controller.rb.tt b/railties/lib/rails/generators/rails/plugin/templates/app/controllers/%namespaced_name%/application_controller.rb.tt index 7fe4e5034d..83807f14b4 100644 --- a/railties/lib/rails/generators/rails/plugin/templates/app/controllers/%namespaced_name%/application_controller.rb.tt +++ b/railties/lib/rails/generators/rails/plugin/templates/app/controllers/%namespaced_name%/application_controller.rb.tt @@ -1,5 +1,6 @@ <%= wrap_in_modules <<-rb.strip_heredoc class ApplicationController < ActionController::#{api? ? "API" : "Base"} + #{ api? ? '# ' : '' }protect_from_forgery :with => :exception end rb %> |