author | Carlos Antonio da Silva <carlosantoniodasilva@gmail.com> | 2012-03-10 11:02:27 -0300 |
---|---|---|
committer | Santiago Pastorino <santiago@wyeworks.com> | 2012-03-14 12:46:23 -0300 |
commit | 5c8c7ca2f99903533175e6da1da61fd349bce261 (patch) | |
tree | e1973b09b2aafa5ddf3c2fb30ea2e461c41b0aae /railties/lib/rails | |
parent | 4c16791f355c74f8e6ad916e67fd4ae81efbf708 (diff) | |
Add http-only option to Rails app generator
Change application controller template accordingly, to inherit from
ActionController::HTTP and not generate protect_from_forgery call.
[Carlos Antonio da Silva & Santiago Pastorino]
Diffstat (limited to 'railties/lib/rails')
3 files changed, 8 insertions, 5 deletions
diff --git a/railties/lib/rails/generators/app_base.rb b/railties/lib/rails/generators/app_base.rb
index 8e9083e6eb..f3333d0acb 100644
--- a/railties/lib/rails/generators/app_base.rb
+++ b/railties/lib/rails/generators/app_base.rb
@@ -58,6 +58,9 @@ module Rails
 class_option :skip_test_unit, :type => :boolean, :aliases => "-T", :default => false,
 :desc => "Skip Test::Unit files"
 
+ class_option :http_only, :type => :boolean, :default => false,
+ :desc => "Preconfigure smaller stack for HTTP only apps"
+
 class_option :help, :type => :boolean, :aliases => "-h", :group => :rails,
 :desc => "Show this help message and quit"
 end
diff --git a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb
deleted file mode 100644
index b3d6adad2a..0000000000
--- a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-class ApplicationController < ActionController::Base
- # prevent CSRF attacks by raising an exception,
- # if your application has an API, you'll probably need to use :reset_session
- protect_from_forgery :with => :exception
-end
diff --git a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt
new file mode 100644
index 0000000000..699b2c1119
--- /dev/null
+++ b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt
@@ -0,0 +1,5 @@
+class ApplicationController < ActionController::<%= options.http_only? ? "HTTP" : "Base" %>
+ # Prevent CSRF attacks by raising an exception.
+ # For APIs, you may want to use :reset_session instead.
+ <%= comment_if :http_only %>protect_from_forgery :with => :exception
+end |
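Review bot: The `:desc` on the new `:http_only` class_option in app_base.rb does not tell the user that the flag also changes the security defaults of the generated app: per the template added in this same commit, `ApplicationController` then inherits from `ActionController::HTTP` and the `protect_from_forgery` call is emitted commented out. A help string such as `:desc => "Preconfigure smaller stack for HTTP only apps (ApplicationController without CSRF protection)"` would make that visible in the generator's help output. The option name is also easy to misread as the `HttpOnly` cookie attribute, which is unrelated, so a one-line comment above the option saying so would help. The enclosing module and class start and end outside the hunk.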
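Review bot: With `http_only` set, the generated application_controller.rb keeps the two comment lines "Prevent CSRF attacks by raising an exception" directly above a commented-out `# protect_from_forgery :with => :exception`, so a quick read of the file suggests CSRF protection is in force when it is not. The commit message says the call is not generated, but `comment_if :http_only` only comments it out. Consider emitting the comment block and the call only when `options.http_only?` is false, and in the HTTP-only case a single line such as `# CSRF protection is not enabled in HTTP-only apps; enable it if clients authenticate with cookies or sessions.` Whether `ActionController::HTTP` provides `protect_from_forgery` is not visible on this page, so uncommenting the line may not work as written and is worth confirming.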