From 85783534fcf1baefa5b502a2bfee235ae6d612d7 Mon Sep 17 00:00:00 2001
From: Ben Toews <mastahyeti@users.noreply.github.com>
Date: Wed, 25 Nov 2015 15:06:12 -0700
Subject: Add option to verify Origin header in CSRF checks

---
 .../app/templates/config/initializers/request_forgery_protection.rb   | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 railties/lib/rails/generators/rails/app/templates/config/initializers/request_forgery_protection.rb

(limited to 'railties')

diff --git a/railties/lib/rails/generators/rails/app/templates/config/initializers/request_forgery_protection.rb b/railties/lib/rails/generators/rails/app/templates/config/initializers/request_forgery_protection.rb
new file mode 100644
index 0000000000..3eab78a885
--- /dev/null
+++ b/railties/lib/rails/generators/rails/app/templates/config/initializers/request_forgery_protection.rb
@@ -0,0 +1,4 @@
+# Be sure to restart your server when you modify this file.
+
+# Enable origin-checking CSRF mitigation.
+Rails.application.config.action_controller.forgery_protection_origin_check = true
-- 
cgit v1.2.3