author: Jon Leighton <j@jonathanleighton.com> 2017-04-06 16:03:35 +0100
committer: Jon Leighton <j@jonathanleighton.com> 2017-04-06 16:03:35 +0100
commit: a500b4796f86b05b3fece414f090a496d3cb4298
tree: de4d65fcb3dd0aa3da662c36e67122dcbe2d94ef /railties/test/application/rake
parent: fd097cff79c62fedabffae4e9f0fb53c2ec8bcbe
Improve logging when Origin header doesn't match
I came up against this while dealing with a misconfigured server. The browser was setting the Origin header to "https://example.com", but the Rails app returned "http://example.com" from request.base_url (because it was failing to detect that HTTPS was used). This caused verify_authenticity_token to fail, but the message in the log was "Can't verify CSRF token", which is confusing because the failure had nothing to do with the CSRF token sent in the request. This made it very hard to identify the issue, so hopefully this will make it more obvious for the next person.
Diffstat (limited to 'railties/test/application/rake')
0 files changed, 0 insertions, 0 deletions
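The failure mode the commit message describes, as an added Ruby example that is not part of the commit or of Rails: a simplified model in which the scheme is inferred from an assumed X-Forwarded-Proto header, and the Origin check and the token check each log their own message. Function names, log wording and the sample requests are constructed for illustration.

```ruby
# Added illustration: a simplified model of the check, not Rails source code.
TOKEN = "constructed-session-token" # constructed sample value

# Derive the app's own base URL. The scheme is https only when the app can
# tell TLS was used; the X-Forwarded-Proto convention is an assumption here.
def base_url(env)
  tls = env["HTTPS"] == "on" || env["HTTP_X_FORWARDED_PROTO"] == "https"
  "#{tls ? 'https' : 'http'}://#{env.fetch('HTTP_HOST')}"
end

# Constant-time comparison so the token check does not leak via timing.
def secure_equal?(a, b)
  a = a.to_s
  b = b.to_s
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns [reason, log_message]; each failure gets its own message.
def verify_request(env, session_token)
  origin = env["HTTP_ORIGIN"]
  base = base_url(env)
  if origin && origin != base
    msg = "Origin header (#{origin}) didn't match base URL (#{base})"
    strip = ->(u) { u.sub(%r{\A[a-z]+://}, "") }
    msg += "; only the scheme differs, check TLS detection" if strip.(origin) == strip.(base)
    return [:origin_mismatch, msg]
  end
  return [:bad_token, "Can't verify CSRF token"] unless secure_equal?(env["HTTP_X_CSRF_TOKEN"], session_token)
  [:ok, nil]
end

# Constructed sample requests (Rack-style env hashes).
BROWSER = { "HTTP_HOST" => "example.com", "HTTP_ORIGIN" => "https://example.com",
            "HTTP_X_CSRF_TOKEN" => TOKEN }.freeze
MISCONFIGURED = BROWSER                                             # proxy drops the proto header
FIXED         = BROWSER.merge("HTTP_X_FORWARDED_PROTO" => "https")  # proxy forwards it
WRONG_TOKEN   = FIXED.merge("HTTP_X_CSRF_TOKEN" => "stale")

if __FILE__ == $PROGRAM_NAME
  [MISCONFIGURED, FIXED, WRONG_TOKEN].each { |env| p verify_request(env, TOKEN) }
end
```

The first request carries a valid token and still fails, which is why a token-only log message points the operator at the wrong component.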