aboutsummaryrefslogtreecommitdiffstats
path: root/railties/lib
diff options
context:
space:
mode:
authorMichael Koziarski <michael@koziarski.com>2012-03-10 16:16:35 -0800
committerMichael Koziarski <michael@koziarski.com>2012-03-10 16:16:35 -0800
commit411a8265835971e48f79de9829c5e18e01837395 (patch)
tree2d4c987577d64c62107159d050372ce6cae92d84 /railties/lib
parentd5d241cb2c696f13e2c16efca0d24565a6e1c0a5 (diff)
parent245941101b1ea00a9b1af613c20b0ee994a43946 (diff)
downloadrails-411a8265835971e48f79de9829c5e18e01837395.tar.gz
rails-411a8265835971e48f79de9829c5e18e01837395.tar.bz2
rails-411a8265835971e48f79de9829c5e18e01837395.zip
Merge pull request #5326 from lest/patch-2
configure how unverified request will be handled
Diffstat (limited to 'railties/lib')
-rw-r--r--railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb4
1 files changed, 3 insertions, 1 deletions
diff --git a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb
index e8065d9505..b3d6adad2a 100644
--- a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb
+++ b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb
@@ -1,3 +1,5 @@
class ApplicationController < ActionController::Base
- protect_from_forgery
+ # prevent CSRF attacks by raising an exception,
+ # if your application has an API, you'll probably need to use :reset_session
+ protect_from_forgery :with => :exception
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-28 20:20:28 +0000