diff options
| author | Sergey Nartimov <just.lest@gmail.com> | 2012-09-13 12:07:37 +0300 |
|---|---|---|
| committer | Sergey Nartimov <just.lest@gmail.com> | 2012-09-13 12:07:37 +0300 |
| commit | 95be790ece75710f2588558a6d5f40fd09543b97 (patch) | |
| tree | 5dbcfe62d1337ed87c2afdc95f025aee22587a17 /railties/lib/rails | |
| parent | 616ba15f2cb89588ae3b0a55452f4059f2c118b1 (diff) | |
| download | rails-95be790ece75710f2588558a6d5f40fd09543b97.tar.gz rails-95be790ece75710f2588558a6d5f40fd09543b97.tar.bz2 rails-95be790ece75710f2588558a6d5f40fd09543b97.zip | |
Implement :null_session CSRF protection method
It's further work on CSRF after 245941101b1ea00a9b1af613c20b0ee994a43946.
The :null_session CSRF protection method provide an empty session during
request processing but doesn't reset it completely (as :reset_session
does).
Diffstat (limited to 'railties/lib/rails')
| -rw-r--r-- | railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt index 6c0ef31725..d83690e1b9 100644 --- a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt +++ b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt @@ -1,5 +1,5 @@ class ApplicationController < ActionController::Base # Prevent CSRF attacks by raising an exception. - # For APIs, you may want to use :reset_session instead. + # For APIs, you may want to use :null_session instead. protect_from_forgery with: :exception end |