Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
add report_csrf_failure, enable custom reports #1573
I would prefer if the old key still worked with a warning, for those that configured it.
Just to validate: The current solution doesn't short-circuit in the middleware stack, but instead halts in the routing layer by adding a condition to all routes that halts by default? Seems good to me.
The previous version stemmed from the fact that I tried to keep as close to Rack::Protection standard behaviour as possible.