From 5c8c7ca2f99903533175e6da1da61fd349bce261 Mon Sep 17 00:00:00 2001
From: Carlos Antonio da Silva
Date: Sat, 10 Mar 2012 11:02:27 -0300
Subject: Add http-only option to Rails app generator

Change application controller template accordingly, to inherit from ActionController::HTTP and not generate protect_from_forgery call.

[Carlos Antonio da Silva & Santiago Pastorino]
---
railties/lib/rails/generators/app_base.rb | 3 +++
.../rails/app/templates/app/controllers/application_controller.rb | 5 -----
.../rails/app/templates/app/controllers/application_controller.rb.tt | 5 +++++
3 files changed, 8 insertions(+), 5 deletions(-)
delete mode 100644 railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb
create mode 100644 railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt
(limited to 'railties/lib')
diff --git a/railties/lib/rails/generators/app_base.rb b/railties/lib/rails/generators/app_base.rb
index 8e9083e6eb..f3333d0acb 100644
--- a/railties/lib/rails/generators/app_base.rb
+++ b/railties/lib/rails/generators/app_base.rb
@@ -58,6 +58,9 @@ module Rails
 class_option :skip_test_unit, :type => :boolean, :aliases => "-T", :default => false,
 :desc => "Skip Test::Unit files"
 
+ class_option :http_only, :type => :boolean, :default => false,
+ :desc => "Preconfigure smaller stack for HTTP only apps"
+
 class_option :help, :type => :boolean, :aliases => "-h", :group => :rails,
 :desc => "Show this help message and quit"
 end
diff --git a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb
deleted file mode 100644
index b3d6adad2a..0000000000
--- a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-class ApplicationController < ActionController::Base
- # prevent CSRF attacks by raising an exception,
- # if your application has an API, you'll probably need to use :reset_session
- protect_from_forgery :with => :exception
-end
diff --git a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt
new file mode 100644
index 0000000000..699b2c1119
--- /dev/null
+++ b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt
@@ -0,0 +1,5 @@
+class ApplicationController < ActionController::<%= options.http_only? ? "HTTP" : "Base" %>
+ # Prevent CSRF attacks by raising an exception.
+ # For APIs, you may want to use :reset_session instead.
+ <%= comment_if :http_only %>protect_from_forgery :with => :exception
+end
-- cgit v1.2.3
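Review bot: With `--http-only`, the new `application_controller.rb.tt` still emits the comments "Prevent CSRF attacks by raising an exception." and "For APIs, you may want to use :reset_session instead." directly above a `protect_from_forgery` line that `comment_if :http_only` has commented out, so the generated controller reads as if CSRF protection were configured when it is disabled. Make the comment conditional too, emitting something like `# CSRF protection is disabled in HTTP-only apps; re-enable it if clients authenticate with cookies or sessions.` in the http_only branch and the existing two lines otherwise. The diff does not show whether `ActionController::HTTP` provides `protect_from_forgery`, so simply uncommenting the generated line may not work; if it does not, the comment should say what has to be included first. The `:desc` added in `app_base.rb` ("Preconfigure smaller stack for HTTP only apps") is also silent on this and could mention that no CSRF protection is generated.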