authorMarius Balteanu <marius.balteanu@zitec.com>2022-01-22 08:43:42 +0000
committerMarius Balteanu <marius.balteanu@zitec.com>2022-01-22 08:43:42 +0000
commit9cda1638bda7800b6f0f67d621ab04e1dbb7388a (patch)
tree32b1ee455f3d8e23d3f6d28e376a87b3aab7fce1 /config/application.rb
parentff2752f7362366bde3918bc733bb6f08e7b24cce (diff)
Set default protect from forgery true (#36317).
Patch by Takashi Kato. git-svn-id: http://svn.redmine.org/redmine/trunk@21379 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'config/application.rb')
-rw-r--r--config/application.rb3
1 files changed, 3 insertions, 0 deletions
diff --git a/config/application.rb b/config/application.rb
index 902007d03..bba468f38 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -58,6 +58,9 @@ module RedmineApp
# Do not include all helpers
config.action_controller.include_all_helpers = false
+ # Add forgery protection
+ config.action_controller.default_protect_from_forgery = true
+
# Sets the Content-Length header on responses with fixed-length bodies
config.middleware.insert_before Rack::Sendfile, Rack::ContentLength
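Review bot: The added comment `# Add forgery protection` does not say which controllers the setting reaches or which strategy they end up with, which is what someone auditing CSRF handling needs to know. With `default_protect_from_forgery = true`, `ActionController::Base` calls `protect_from_forgery` without a `with:` option, so a controller that declares no strategy of its own gets the Rails default (null session, as far as I know, rather than raising). This presumably matters most for plugin controllers that do not inherit from the application's base controller, which is not visible in this hunk. I would reword the comment along the lines of `# Verify the CSRF token by default in every ActionController::Base subclass; controllers needing :exception or an API exemption must declare it`. The enclosing `module RedmineApp` block starts and ends outside the hunk, so a later override of this setting cannot be ruled out from here.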