Site updated at 2015-04-16 22:46:44 UTC

commit 78d13db51d04a3aac8987303ac88580c6157ef07 1 parent 9052c80
@presidentbeef authored
2  atom.xml
@@ -4,7 +4,7 @@
<title>Brakeman - Rails Security Scanner</title>
<link href="http://brakemanscanner.org/atom.xml" rel="self"/>
<link href="http://brakemanscanner.org/"/>
- <updated>2015-03-25T19:27:05-04:00</updated>
+ <updated>2015-04-16T18:46:33-04:00</updated>
<id>http://brakemanscanner.org/</id>
<author>
<name>Justin Collins</name>
2  docs/warning_types/cross-site_request_forgery/index.html
@@ -110,6 +110,8 @@ <h1 class="entry-title">Cross Site Request Forgery</h1>
<p>This warning is raised when no call to <code>protect_from_forgery</code> is found in <code>ApplicationController</code>. This method prevents CSRF.</p>
+<p>For Rails 4 applications, it is recommended that you use <code>protect_from_forgery :with =&gt; :exception</code>. This code is inserted into newly generated applications. The default is to <code>nil</code> out the session object, which has been a source of many CSRF bypasses due to session memoization.</p>
+
<p>See <a href="http://guides.rubyonrails.org/security.html#cross-site-request-forgery-csrf">the Ruby Security Guide</a> for details.</p>
<hr />
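Review bot: The new paragraph describes the fallback as "nil out the session object" without naming the Rails option, so a reader cannot map it to the API; the behaviour being described is the `:null_session` strategy (what `protect_from_forgery` uses when no `:with` is given), and the remaining alternative is `:reset_session`. Naming all three strategies (`:null_session`, `:reset_session`, `:exception`) next to the recommendation makes it checkable against the Rails documentation and explains why `:exception` is the safer default: a failed token check aborts the request instead of silently continuing with an empty session. Minor style point: the Rails 4 generator writes `protect_from_forgery with: :exception`, so matching that syntax in the sentence "This code is inserted into newly generated applications" would let readers grep for the exact line.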
2  sitemap.xml
@@ -304,7 +304,7 @@
</url>
<url>
<loc>http://brakemanscanner.org/docs/warning_types/cross-site_request_forgery/</loc>
- <lastmod>2015-01-23T15:15:30-05:00</lastmod>
+ <lastmod>2015-04-16T18:45:42-04:00</lastmod>
</url>
<url>
<loc>http://brakemanscanner.org/docs/warning_types/CVE-2011-0446/</loc>