authorRafael França <rafaelmfranca@gmail.com>2017-07-10 17:24:31 -0400
committerGitHub <noreply@github.com>2017-07-10 17:24:31 -0400
commit48cb8b3e7097e9a1cb45b2298f59b9179f0dbdee (patch)
tree3829cb73ad09675ba74fa4443d320c8fd3c4384c /railties/lib
parent3fa66935fd65e2d834dcc743bd835afb5b875f7f (diff)
parent73b944eca721be750e1263c15d221f153d1396d0 (diff)
downloadrails-48cb8b3e7097e9a1cb45b2298f59b9179f0dbdee.tar.gz
rails-48cb8b3e7097e9a1cb45b2298f59b9179f0dbdee.tar.bz2
rails-48cb8b3e7097e9a1cb45b2298f59b9179f0dbdee.zip
Merge pull request #29742 from lugray/default_protect_from_forgery
Default protect from forgery
Diffstat (limited to 'railties/lib')
-rw-r--r--railties/lib/rails/application/configuration.rb4
-rw-r--r--railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt3
-rw-r--r--railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_5_2.rb.tt4
3 files changed, 8 insertions, 3 deletions
diff --git a/railties/lib/rails/application/configuration.rb b/railties/lib/rails/application/configuration.rb
index 7e1359c42b..d403c4fa7c 100644
--- a/railties/lib/rails/application/configuration.rb
+++ b/railties/lib/rails/application/configuration.rb
@@ -96,6 +96,10 @@ module Rails
active_support.use_authenticated_message_encryption = true
end
+ if respond_to?(:action_controller)
+ action_controller.default_protect_from_forgery = true
+ end
+
else
raise "Unknown version #{target_version.to_s.inspect}"
end
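Review bot: Nothing in the added `if respond_to?(:action_controller)` branch says which failure strategy the flag enables, and this commit also removes `protect_from_forgery with: :exception` from the generated ApplicationController, so for newly generated apps this setting becomes the only source of CSRF protection. The code that consumes `default_protect_from_forgery` is not visible on this page; it should presumably apply `with: :exception` to match the removed template line, because a bare `protect_from_forgery` falls back to `:null_session`, which is worth confirming before merge. I would add a comment above the assignment, for example `# Turns on protect_from_forgery for ActionController::Base; generated apps no longer declare it in ApplicationController.` The enclosing version `case` in this method starts and ends outside the hunk.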
diff --git a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt
index 413354186d..185c0017f1 100644
--- a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt
+++ b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt
@@ -1,5 +1,2 @@
class ApplicationController < ActionController::<%= options[:api] ? "API" : "Base" %>
-<%- unless options[:api] -%>
- protect_from_forgery with: :exception
-<%- end -%>
end
diff --git a/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_5_2.rb.tt b/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_5_2.rb.tt
index 3809936f9f..e8f5f964ed 100644
--- a/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_5_2.rb.tt
+++ b/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_5_2.rb.tt
@@ -17,3 +17,7 @@
# Use AES-256-GCM authenticated encryption as default cipher for encrypting messages
# instead of AES-256-CBC, when use_authenticated_message_encryption is set to true.
# Rails.application.config.active_support.use_authenticated_message_encryption = true
+
+# Add default protection from forgery to ActionController::Base instead of in
+# ApplicationController.
+# Rails.applocation.config.action_controller.default_protect_from_forgery = true
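Review bot: The last added line misspells the receiver as `Rails.applocation`, so anyone who uncomments it to opt an upgraded app into the new CSRF default gets a NoMethodError at boot instead of the setting. It should read `# Rails.application.config.action_controller.default_protect_from_forgery = true`, matching the `Rails.application.config` line just above it. Because this file is the upgrade path for apps not yet on the 5.2 defaults, the comment could also state that the flag only adds protection to ActionController::Base and that an existing `protect_from_forgery` call in ApplicationController can stay in place.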