From 2d20a7696a761b1840bc2fbe09a2fd4bff2a779f Mon Sep 17 00:00:00 2001
From: George Claghorn <george@basecamp.com>
Date: Mon, 20 Nov 2017 10:52:54 -0500
Subject: Fix direct uploads to local service
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Disable CSRF protection for ActiveStorage::DiskController#update. The local disk service is intended to imitate a third-party service like S3 or GCS, so we don't care where direct uploads originate: they’re authorized by signed tokens.

Closes #30290.

[Shinichi Maeshima & George Claghorn]
---
 activestorage/test/dummy/config/environments/test.rb | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'activestorage/test/dummy')

diff --git a/activestorage/test/dummy/config/environments/test.rb b/activestorage/test/dummy/config/environments/test.rb
index ce0889e8ae..74a802d98c 100644
--- a/activestorage/test/dummy/config/environments/test.rb
+++ b/activestorage/test/dummy/config/environments/test.rb
@@ -30,6 +30,9 @@ Rails.application.configure do
   # Print deprecation notices to the stderr.
   config.active_support.deprecation = :stderr
 
+  # Disable request forgery protection in test environment.
+  config.action_controller.allow_forgery_protection = false
+
   # Raises error for missing translations
   # config.action_view.raise_on_missing_translations = true
 end
-- 
cgit v1.2.3


From ae7593e7e842ec5efb8d58a7ce005ba55fd4c886 Mon Sep 17 00:00:00 2001
From: George Claghorn <george@basecamp.com>
Date: Mon, 20 Nov 2017 10:57:29 -0500
Subject: Load 5.2 defaults in ASt dummy app

---
 activestorage/test/dummy/config/application.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'activestorage/test/dummy')

diff --git a/activestorage/test/dummy/config/application.rb b/activestorage/test/dummy/config/application.rb
index 7ee6625bb5..06cbc453a2 100644
--- a/activestorage/test/dummy/config/application.rb
+++ b/activestorage/test/dummy/config/application.rb
@@ -19,7 +19,7 @@ Bundler.require(*Rails.groups)
 
 module Dummy
   class Application < Rails::Application
-    config.load_defaults 5.1
+    config.load_defaults 5.2
 
     config.active_storage.service = :local
   end
-- 
cgit v1.2.3