Protect controllers from potential CSRF attacks. #4216

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3051 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Eric Davis <edavis@littlestreamsoftware.com> 2009-11-14 19:41:07 +0000
committer: Eric Davis <edavis@littlestreamsoftware.com> 2009-11-14 19:41:07 +0000
commit: ea0bc56a65102db1c6ad9a0c6942932d73fe9216 (patch)
tree: 5248fc00e74f9534b312053156cccbba00e652c9 /config/environments/test.rb
parent: 93bf1df5d40efa494f6448c6c140903b423ffaac (diff)
download: redmine-ea0bc56a65102db1c6ad9a0c6942932d73fe9216.tar.gz
redmine-ea0bc56a65102db1c6ad9a0c6942932d73fe9216.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/config/environments/test.rb b/config/environments/test.rb
index 388d2022a..0d1b42e5b 100644
--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@@ -21,6 +21,9 @@ config.action_controller.session = {
   :secret => "some secret phrase for the tests."
 }
 
+# Skip protect_from_forgery in requests http://m.onkey.org/2007/9/28/csrf-protection-for-your-existing-rails-application
+config.action_controller.allow_forgery_protection  = false
+
 config.gem "thoughtbot-shoulda", :lib => "shoulda", :source => "http://gems.github.com"
 config.gem "nofxx-object_daddy", :lib => "object_daddy", :source => "http://gems.github.com"
 config.gem "mocha"
author	Eric Davis <edavis@littlestreamsoftware.com>	2009-11-14 19:41:07 +0000
committer	Eric Davis <edavis@littlestreamsoftware.com>	2009-11-14 19:41:07 +0000
commit	ea0bc56a65102db1c6ad9a0c6942932d73fe9216 (patch)
tree	5248fc00e74f9534b312053156cccbba00e652c9 /config/environments/test.rb
parent	93bf1df5d40efa494f6448c6c140903b423ffaac (diff)
download	redmine-ea0bc56a65102db1c6ad9a0c6942932d73fe9216.tar.gz redmine-ea0bc56a65102db1c6ad9a0c6942932d73fe9216.zip