From 85783534fcf1baefa5b502a2bfee235ae6d612d7 Mon Sep 17 00:00:00 2001 From: Ben Toews Date: Wed, 25 Nov 2015 15:06:12 -0700 Subject: Add option to verify Origin header in CSRF checks --- .../app/templates/config/initializers/request_forgery_protection.rb | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 railties/lib/rails/generators/rails/app/templates/config/initializers/request_forgery_protection.rb (limited to 'railties/lib/rails') diff --git a/railties/lib/rails/generators/rails/app/templates/config/initializers/request_forgery_protection.rb b/railties/lib/rails/generators/rails/app/templates/config/initializers/request_forgery_protection.rb new file mode 100644 index 0000000000..3eab78a885 --- /dev/null +++ b/railties/lib/rails/generators/rails/app/templates/config/initializers/request_forgery_protection.rb @@ -0,0 +1,4 @@ +# Be sure to restart your server when you modify this file. + +# Enable origin-checking CSRF mitigation. +Rails.application.config.action_controller.forgery_protection_origin_check = true -- cgit v1.2.3