Add option to verify Origin header in CSRF checks

author: Ben Toews <mastahyeti@users.noreply.github.com> 2015-11-25 15:06:12 -0700
committer: Ben Toews <mastahyeti@users.noreply.github.com> 2015-11-25 15:06:12 -0700
commit: 85783534fcf1baefa5b502a2bfee235ae6d612d7 (patch)
tree: 64c3c3fe095f7da41c309a238f1c02186eccd08f /railties
parent: cb67c819338d75c07a591dc23759747c740a5088 (diff)
download: rails-85783534fcf1baefa5b502a2bfee235ae6d612d7.tar.gz
rails-85783534fcf1baefa5b502a2bfee235ae6d612d7.tar.bz2
rails-85783534fcf1baefa5b502a2bfee235ae6d612d7.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/railties/lib/rails/generators/rails/app/templates/config/initializers/request_forgery_protection.rb b/railties/lib/rails/generators/rails/app/templates/config/initializers/request_forgery_protection.rb
new file mode 100644
index 0000000000..3eab78a885
--- /dev/null
+++ b/railties/lib/rails/generators/rails/app/templates/config/initializers/request_forgery_protection.rb
@@ -0,0 +1,4 @@
+# Be sure to restart your server when you modify this file.
+
+# Enable origin-checking CSRF mitigation.
+Rails.application.config.action_controller.forgery_protection_origin_check = true
author	Ben Toews <mastahyeti@users.noreply.github.com>	2015-11-25 15:06:12 -0700
committer	Ben Toews <mastahyeti@users.noreply.github.com>	2015-11-25 15:06:12 -0700
commit	85783534fcf1baefa5b502a2bfee235ae6d612d7 (patch)
tree	64c3c3fe095f7da41c309a238f1c02186eccd08f /railties
parent	cb67c819338d75c07a591dc23759747c740a5088 (diff)
download	rails-85783534fcf1baefa5b502a2bfee235ae6d612d7.tar.gz rails-85783534fcf1baefa5b502a2bfee235ae6d612d7.tar.bz2 rails-85783534fcf1baefa5b502a2bfee235ae6d612d7.zip