From 34ab9982dc15f7f87253dabc67ec5c5e55f84e77 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patrik=20B=C3=B3na?= Date: Mon, 9 Apr 2018 12:26:24 +0200 Subject: Improve the null origin error message --- actionpack/lib/action_controller/metal/request_forgery_protection.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actionpack') diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb index 94092de96c..fc9cf8aaff 100644 --- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb +++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb @@ -417,7 +417,7 @@ module ActionController #:nodoc: NULL_ORIGIN_MESSAGE = <<~MSG The browser returned a 'null' origin for a request with origin-based forgery protection turned on. This usually - means you have the 'no-referrer' Referrer-Policy header enabled, or that you the request came from a site that + means you have the 'no-referrer' Referrer-Policy header enabled, or that the request came from a site that refused to give its origin. This makes it impossible for Rails to verify the source of the requests. Likely the best solution is to change your referrer policy to something less strict like same-origin or strict-same-origin. If you cannot change the referrer policy, you can disable origin checking with the -- cgit v1.2.3