Background
Brakeman version: 4.0.1
Rails version: 5.2.0.beta.2
Ruby version: 2.4.1
Link to Rails application code:
There is no link, but scaffolding a new project with rails new projectName is enough to reproduce this.

Issue
False Positive
Full warning from Brakeman:
== Warnings ==
Confidence: High
Category: Cross-Site Request Forgery
Check: ForgerySetting
Message: 'protect_from_forgery' should be called in ApplicationController
File: app/controllers/application_controller.rb
Line: 1

Why might this be a false positive?
The new default for Rails 5.2 is to set it via the Rails config:
So it's completely fine if you don't have protect_from_forgery set in your ApplicationController, if this is set to true.

Thank you all around for your work on this, helped me to catch a couple of things in several projects already, woop!
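
An added example (not part of the issue and not Brakeman's code): a text-level Ruby sketch of the decision the report asks for, treating CSRF protection as present when the controller calls protect_from_forgery or the app config enables it by default. The setting name `action_controller.default_protect_from_forgery` and the `load_defaults` handling are assumptions, since the page does not show the config line; the sample sources are constructed.

```ruby
# Added sketch: line-based approximation, not an AST check like a real scanner.
# Assumption: the config default meant by the report is
# action_controller.default_protect_from_forgery (not shown on the page).
EXPLICIT_CALL  = /^\s*protect_from_forgery\b/
CONFIG_DEFAULT = /^\s*(?:Rails\.application\.)?config\.action_controller\.default_protect_from_forgery\s*=\s*(true|false)\b/
LOAD_DEFAULTS  = /^\s*config\.load_defaults[\s(]+["']?(\d+)\.(\d+)/

# Returns :explicit, :config_default or :missing.
# Anchoring on ^\s* means commented-out lines never count as enabled.
def csrf_protection_source(controller_src, config_srcs)
  return :explicit if controller_src.each_line.any? { |l| l.match?(EXPLICIT_CALL) }

  from_defaults = false # enabled through load_defaults >= 5.2
  assigned = nil        # explicit true/false assignment, if any
  config_srcs.each do |src|
    src.each_line do |line|
      if (m = line.match(LOAD_DEFAULTS))
        from_defaults = true if ([m[1].to_i, m[2].to_i] <=> [5, 2]) >= 0
      elsif (m = line.match(CONFIG_DEFAULT))
        assigned = (m[1] == "true")
      end
    end
  end
  # Simplification: an explicit assignment wins over load_defaults.
  enabled = assigned.nil? ? from_defaults : assigned
  enabled ? :config_default : :missing
end

# Constructed samples (not taken from the page).
BARE_CONTROLLER = "class ApplicationController < ActionController::Base\nend\n"
EXPLICIT_CONTROLLER = "class ApplicationController < ActionController::Base\n" \
                      "  protect_from_forgery with: :exception\nend\n"
NEW_APP_CONFIG = "module ProjectName\n  class Application < Rails::Application\n" \
                 "    config.load_defaults 5.2\n  end\nend\n"
COMMENTED_OUT = "# Rails.application.config.action_controller.default_protect_from_forgery = true\n"
DISABLED = "Rails.application.config.action_controller.default_protect_from_forgery = false\n"

if __FILE__ == $PROGRAM_NAME
  puts csrf_protection_source(BARE_CONTROLLER, [NEW_APP_CONFIG])           # no warning needed
  puts csrf_protection_source(BARE_CONTROLLER, [COMMENTED_OUT])            # warning is correct
  puts csrf_protection_source(BARE_CONTROLLER, [NEW_APP_CONFIG, DISABLED]) # warning is correct
end
```

Only the :missing result should produce the ForgerySetting-style warning; a commented-out or false setting still leaves the application without default CSRF protection.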