Patch #36317: Set default protect from forgery true - Redmine

Patch #36317

Set default protect from forgery true

Added by Takashi Kato about 1 month ago. Updated 4 days ago.

Status:

Closed

Start date:

Priority:

Normal

Due date:

Assignee:

Marius BALTEANU

% Done:

0%

Category:

Rails support

Target version:

Description

In Rails 5.2 and later, the default is to raise an exception for invalid CSRF tokens, and there is a configuration for that.

https://github.com/rails/rails/blob/6-1-stable/railties/lib/rails/application/configuration.rb#L123

In Rails 7 and later, the current implementation causes a Deprecation Warning.

0001-set-default_protect_from_forgery-true.patch (2.07 KB) Takashi Kato, 2021-12-14 23:42

Related issues

Associated revisions

Revision 21379
Added by Marius BALTEANU 4 days ago

Set default protect from forgery true (#36317).

Patch by Takashi Kato.

History

#1 Updated by Go MAEDA about 1 month ago

Target version set to Candidate for next major release

#2 Updated by Go MAEDA about 1 month ago

Related to Feature #36320: Migrate to Rails 7 added

#3 Updated by Marius BALTEANU 20 days ago

Assignee set to Marius BALTEANU

#4 Updated by Marius BALTEANU 4 days ago

Status changed from New to Closed
Target version changed from Candidate for next major release to 5.0.0

Patch committed, thanks!

Also available in: Atom PDF