mirror of https://github.com/rails/rails
Generated engines should protect from forgery
Generated engines should call `protect_from_forgery`. If this method isn't called, then the Engine could be susceptible to XSS attacks. Thanks @tomekr for reporting this to us!

Conflicts:
	railties/lib/rails/generators/rails/plugin/templates/app/controllers/%namespaced_name%/application_controller.rb.tt
	railties/test/generators/plugin_generator_test.rb
parent
c7d2f4caed
commit
331210df7c
|
@ -1,4 +1,5 @@
|
|||
module <%= camelized %>
|
||||
class ApplicationController < ActionController::Base
|
||||
protect_from_forgery :with => :exception
|
||||
end
|
||||
end
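Review bot: The added `protect_from_forgery :with => :exception` line in the generated `ApplicationController` carries no comment saying what it guards against, and the commit message names the risk as XSS although this call turns on CSRF token verification for the engine's controllers. I would add a one-line comment above it in the template stating that it enables CSRF protection and that, with `:exception`, a state-changing request without a valid authenticity token raises instead of being processed, so engine authors know why their non-GET requests now need the token. Only the template hunk is visible here; if `plugin_generator_test.rb` does not already assert that the generated controller contains this line, an assertion there would keep the template from silently losing it again.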