Actions
Patch #36317
closed
Set default protect from forgery true
Start date:
Due date:
% Done:
0%
Estimated time:
Description
In Rails 5.2 and later, the default is to raise an exception for invalid CSRF tokens, and there is a configuration for that.
https://github.com/rails/rails/blob/6-1-stable/railties/lib/rails/application/configuration.rb#L123
In Rails 7 and later, the current implementation causes a Deprecation Warning.
Files
Related issues
Updated by Go MAEDA almost 3 years ago
- Target version set to Candidate for next major release
Updated by Go MAEDA almost 3 years ago
- Related to Feature #36320: Migrate to Rails 7.2 added
Updated by Marius BĂLTEANU almost 3 years ago
- Status changed from New to Closed
- Target version changed from Candidate for next major release to 5.0.0
Patch committed, thanks!
Updated by Go MAEDA over 2 years ago
- Related to Defect #37030: Requests fail with "Can't verify CSRF token authenticity" in mail handler added
Updated by Go MAEDA over 2 years ago
- Related to Defect #37562: POST Requests to repository WS fail with "Can't verify CSRF token authenticity" added
Actions