Patch #36317
Set default protect from forgery true
| Status: | Closed | Start date: | ||
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: |  Marius BALTEANU | % Done: | 0% | |
| Category: | Rails support | |||
| Target version: | 5.0.0 |
Description
In Rails 5.2 and later, the default is to raise an exception for invalid CSRF tokens, and there is a configuration for that.
https://github.com/rails/rails/blob/6-1-stable/railties/lib/rails/application/configuration.rb#L123
In Rails 7 and later, the current implementation causes a Deprecation Warning.
Related issues
Associated revisions
Set default protect from forgery true (#36317).
Patch by Takashi Kato.
History
#2
Updated by Go MAEDA 7 months ago
- Related to Feature #36320: Migrate to Rails 7 added
#3
Updated by Marius BALTEANU 6 months ago
- Assignee set to Marius BALTEANU
#4
Updated by Marius BALTEANU 5 months ago
- Status changed from New to Closed
- Target version changed from Candidate for next major release to 5.0.0
Patch committed, thanks!
#5
Updated by Go MAEDA about 1 month ago
- Related to Defect #37030: Requests fail with "Can't verify CSRF token authenticity" in mail handler added