Merge pull request #22263 from mastahyeti/csrf-origin-check

Add option to verify Origin header in CSRF checks [Jeremy Daer + Rafael Mendonça França]
author: Rafael França <rafaelmfranca@gmail.com> 2015-11-26 14:23:50 -0200
committer: Rafael França <rafaelmfranca@gmail.com> 2015-11-26 14:23:50 -0200
commit: e1e6499ede1dd196c03f650b95c3a0098c7c32ff (patch)
tree: 934b91cfbf3950483900976f42dd827e90edf5a0 /railties
parent: d25205241b4f8d38b8ab106ffc1c465a8a697415 (diff)
parent: 85783534fcf1baefa5b502a2bfee235ae6d612d7 (diff)
download: rails-e1e6499ede1dd196c03f650b95c3a0098c7c32ff.tar.gz
rails-e1e6499ede1dd196c03f650b95c3a0098c7c32ff.tar.bz2
rails-e1e6499ede1dd196c03f650b95c3a0098c7c32ff.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/railties/lib/rails/generators/rails/app/templates/config/initializers/request_forgery_protection.rb b/railties/lib/rails/generators/rails/app/templates/config/initializers/request_forgery_protection.rb
new file mode 100644
index 0000000000..3eab78a885
--- /dev/null
+++ b/railties/lib/rails/generators/rails/app/templates/config/initializers/request_forgery_protection.rb
@@ -0,0 +1,4 @@
+# Be sure to restart your server when you modify this file.
+
+# Enable origin-checking CSRF mitigation.
+Rails.application.config.action_controller.forgery_protection_origin_check = true
author	Rafael França <rafaelmfranca@gmail.com>	2015-11-26 14:23:50 -0200
committer	Rafael França <rafaelmfranca@gmail.com>	2015-11-26 14:23:50 -0200
commit	e1e6499ede1dd196c03f650b95c3a0098c7c32ff (patch)
tree	934b91cfbf3950483900976f42dd827e90edf5a0 /railties
parent	d25205241b4f8d38b8ab106ffc1c465a8a697415 (diff)
parent	85783534fcf1baefa5b502a2bfee235ae6d612d7 (diff)
download	rails-e1e6499ede1dd196c03f650b95c3a0098c7c32ff.tar.gz rails-e1e6499ede1dd196c03f650b95c3a0098c7c32ff.tar.bz2 rails-e1e6499ede1dd196c03f650b95c3a0098c7c32ff.zip