aboutsummaryrefslogtreecommitdiffstats
path: root/railties
diff options
context:
space:
mode:
authorAaron Patterson <aaron.patterson@gmail.com>2016-02-01 17:17:56 -0800
committerAaron Patterson <aaron.patterson@gmail.com>2016-02-01 17:44:33 -0800
commit9892626579d1c62c367e5344a1d1642708340f88 (patch)
treeaaf9f35f2dfe7156d0f4f8ae9b1b31b8c0d0f493 /railties
parenta7a376a6fa9867f4b1af2d7d12dd22d7042c5fe6 (diff)
downloadrails-9892626579d1c62c367e5344a1d1642708340f88.tar.gz
rails-9892626579d1c62c367e5344a1d1642708340f88.tar.bz2
rails-9892626579d1c62c367e5344a1d1642708340f88.zip
Generated engines should protect from forgery
Generated engines should call `protect_from_forgery`. If this method isn't called, then the Engine could be susceptible to XSS attacks. Thanks @tomekr for reporting this to us! Conflicts: railties/lib/rails/generators/rails/plugin/templates/app/controllers/%namespaced_name%/application_controller.rb.tt railties/test/generators/plugin_generator_test.rb
Diffstat (limited to 'railties')
-rw-r--r--railties/lib/rails/generators/rails/plugin_new/templates/app/controllers/%name%/application_controller.rb.tt1
1 files changed, 1 insertions, 0 deletions
diff --git a/railties/lib/rails/generators/rails/plugin_new/templates/app/controllers/%name%/application_controller.rb.tt b/railties/lib/rails/generators/rails/plugin_new/templates/app/controllers/%name%/application_controller.rb.tt
index 448ad7f989..74ce53c7c3 100644
--- a/railties/lib/rails/generators/rails/plugin_new/templates/app/controllers/%name%/application_controller.rb.tt
+++ b/railties/lib/rails/generators/rails/plugin_new/templates/app/controllers/%name%/application_controller.rb.tt
@@ -1,4 +1,5 @@
module <%= camelized %>
class ApplicationController < ActionController::Base
+ protect_from_forgery :with => :exception
end
end