Site updated at 2015-04-16 22:46:44 UTC

commit 78d13db51d04a3aac8987303ac88580c6157ef07 1 parent 9052c80
@presidentbeef authored
2  atom.xml
@@ -4,7 +4,7 @@
<title>Brakeman - Rails Security Scanner</title>
<link href="" rel="self"/>
<link href=""/>
- <updated>2015-03-25T19:27:05-04:00</updated>
+ <updated>2015-04-16T18:46:33-04:00</updated>
<name>Justin Collins</name>
2  docs/warning_types/cross-site_request_forgery/index.html
@@ -110,6 +110,8 @@ <h1 class="entry-title">Cross Site Request Forgery</h1>
<p>This warning is raised when no call to <code>protect_from_forgery</code> is found in <code>ApplicationController</code>. This method prevents CSRF.</p>
+<p>For Rails 4 applications, it is recommended that you use <code>protect_from_forgery :with =&gt; :exception</code>. This code is inserted into newly generated applications. The default is to <code>nil</code> out the session object, which has been a source of many CSRF bypasses due to session memoization.</p>
<p>See <a href="">the Ruby Security Guide</a> for details.</p>
<hr />
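Review bot: In the added paragraph, "The default is to <code>nil</code> out the session object" does not say what it is the default of, and because it directly follows "This code is inserted into newly generated applications" it can be read as describing the generated code. Name the subject, for example "Without the <code>:with</code> option, the default is to ...". The paragraph also leaves open whether the warning fires when <code>protect_from_forgery</code> is present but called without <code>:with =&gt; :exception</code>; the sentence above it only covers the case where no call is found, so one sentence stating which case this recommendation applies to would help readers interpret the warning.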
2  sitemap.xml
@@ -304,7 +304,7 @@
- <lastmod>2015-01-23T15:15:30-05:00</lastmod>
+ <lastmod>2015-04-16T18:45:42-04:00</lastmod>