From 9cda1638bda7800b6f0f67d621ab04e1dbb7388a Mon Sep 17 00:00:00 2001
From: Marius Balteanu
Date: Sat, 22 Jan 2022 08:43:42 +0000
Subject: Set default protect from forgery true (#36317).

Patch by Takashi Kato.

git-svn-id: http://svn.redmine.org/redmine/trunk@21379 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 config/application.rb | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'config/application.rb')

diff --git a/config/application.rb b/config/application.rb
index 902007d03..bba468f38 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -58,6 +58,9 @@ module RedmineApp
 # Do not include all helpers
 config.action_controller.include_all_helpers = false

+ # Add forgery protection
+ config.action_controller.default_protect_from_forgery = true
+
 # Sets the Content-Length header on responses with fixed-length bodies
 config.middleware.insert_before Rack::Sendfile, Rack::ContentLength

-- 
cgit v1.2.3
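Review bot: The added comment `# Add forgery protection` does not tell a maintainer what the setting covers or how a failed check behaves. In Rails, `default_protect_from_forgery = true` applies `protect_from_forgery with: :exception` to `ActionController::Base` itself, so controllers that do not inherit from the application's own base controller (plugin controllers, for example) are covered as well. I would spell that out, e.g. `# Verify the CSRF token by default in every controller derived from ActionController::Base; an endpoint that must accept token-less non-GET requests has to opt out explicitly with skip_forgery_protection`. Whether any existing API-key or webhook-style endpoint depends on the old behaviour cannot be confirmed from this hunk, and each such opt-out should authenticate the request by other means. The enclosing `module RedmineApp` block starts and ends outside the hunk.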