Patch #36317

Set default protect from forgery true

Added by Takashi Kato about 1 month ago. Updated 4 days ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:Marius BALTEANU% Done:

0%

Category:Rails support
Target version:5.0.0

Description

In Rails 5.2 and later, the default is to raise an exception for invalid CSRF tokens, and there is a configuration for that.

https://github.com/rails/rails/blob/6-1-stable/railties/lib/rails/application/configuration.rb#L123

In Rails 7 and later, the current implementation causes a Deprecation Warning.

0001-set-default_protect_from_forgery-true.patch Magnifier (2.07 KB) Takashi Kato, 2021-12-14 23:42


Related issues

Related to Redmine - Feature #36320: Migrate to Rails 7 New

Associated revisions

Revision 21379
Added by Marius BALTEANU 4 days ago

Set default protect from forgery true (#36317).

Patch by Takashi Kato.

History

#1 Updated by Go MAEDA about 1 month ago

  • Target version set to Candidate for next major release

#2 Updated by Go MAEDA about 1 month ago

#3 Updated by Marius BALTEANU 20 days ago

  • Assignee set to Marius BALTEANU

#4 Updated by Marius BALTEANU 4 days ago

  • Status changed from New to Closed
  • Target version changed from Candidate for next major release to 5.0.0

Patch committed, thanks!

Also available in: Atom PDF