From 9892626579d1c62c367e5344a1d1642708340f88 Mon Sep 17 00:00:00 2001 From: Aaron Patterson Date: Mon, 1 Feb 2016 17:17:56 -0800 Subject: Generated engines should protect from forgery Generated engines should call `protect_from_forgery`. If this method isn't called, then the Engine could be susceptible to XSS attacks. Thanks @tomekr for reporting this to us! Conflicts: railties/lib/rails/generators/rails/plugin/templates/app/controllers/%namespaced_name%/application_controller.rb.tt railties/test/generators/plugin_generator_test.rb --- .../templates/app/controllers/%name%/application_controller.rb.tt | 1 + 1 file changed, 1 insertion(+) diff --git a/railties/lib/rails/generators/rails/plugin_new/templates/app/controllers/%name%/application_controller.rb.tt b/railties/lib/rails/generators/rails/plugin_new/templates/app/controllers/%name%/application_controller.rb.tt index 448ad7f989..74ce53c7c3 100644 --- a/railties/lib/rails/generators/rails/plugin_new/templates/app/controllers/%name%/application_controller.rb.tt +++ b/railties/lib/rails/generators/rails/plugin_new/templates/app/controllers/%name%/application_controller.rb.tt @@ -1,4 +1,5 @@ module <%= camelized %> class ApplicationController < ActionController::Base + protect_from_forgery :with => :exception end end -- cgit v1.2.3
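Review bot: The commit message describes the risk as "XSS attacks", but `protect_from_forgery` is the cross-site request forgery (CSRF) token check; it does nothing against cross-site scripting. Consider rewording the message to say CSRF so the security rationale is accurate for anyone reading the history. The change itself is right: the generated `class ApplicationController < ActionController::Base` is the engine's own root controller, so the host application's `protect_from_forgery` call never applies to engine controllers and each engine must enable it itself. Minor style point: the hash-rocket form `protect_from_forgery :with => :exception` could use the newer `protect_from_forgery with: :exception` syntax used elsewhere in the generated templates.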