False positive for protect_from_forgery on Rails 5.2 #1132
Brakeman version: 4.0.1
Link to Rails application code:
There is no link, but scaffolding a new project with
Full warning from Brakeman:
Why might this be a false positive?
The new default for Rails 5.2 is to set it via the Rails config:
# config/initializers/new_framework_defaults_5_2.rb
Rails.application.config.action_controller.default_protect_from_forgery = true
So it's completely fine if you don't have
Thank you all around for your work on this, helped me to catch a couple of things in several projects already, woop!
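The check this report asks for, as an added example that is not part of the original issue and not Brakeman's own code: CSRF protection counts as enabled when either `ApplicationController` calls `protect_from_forgery` or an initializer sets `default_protect_from_forgery = true` on an uncommented line. The function name, return symbols and sample sources are constructed for illustration, and treating the last assignment across the given files as the effective one is an assumption.

```ruby
# Hypothetical helper (not Brakeman code): decide where CSRF protection comes from.
# Both patterns anchor at line start, so commented-out lines never match.
CONFIG_SETTING = /^\s*(?:Rails\.application\.)?config\.action_controller\.default_protect_from_forgery\s*=\s*(true|false)\b/
CONTROLLER_CALL = /^\s*protect_from_forgery\b/

# controller_src: source text of ApplicationController
# config_srcs:    source texts of config files, in load order (assumption)
# Returns :controller, :config_default or :missing.
def csrf_protection_source(controller_src, config_srcs)
  return :controller if controller_src.match?(CONTROLLER_CALL)

  # Collect every explicit true/false assignment; the last one wins.
  values = config_srcs.flat_map { |src| src.scan(CONFIG_SETTING).flatten }
  values.last == "true" ? :config_default : :missing
end

# Constructed sample: controller without an explicit protect_from_forgery call.
SAMPLE_CONTROLLER = <<~RUBY
  class ApplicationController < ActionController::Base
  end
RUBY

# Constructed sample: the setting enabled, as quoted in the issue.
SAMPLE_INITIALIZER = <<~RUBY
  # config/initializers/new_framework_defaults_5_2.rb
  Rails.application.config.action_controller.default_protect_from_forgery = true
RUBY

# Constructed sample: the same line left commented out, which enables nothing.
SAMPLE_COMMENTED = <<~RUBY
  # Rails.application.config.action_controller.default_protect_from_forgery = true
RUBY

if __FILE__ == $PROGRAM_NAME
  puts csrf_protection_source(SAMPLE_CONTROLLER, [SAMPLE_INITIALIZER])
  puts csrf_protection_source(SAMPLE_CONTROLLER, [SAMPLE_COMMENTED])
end
```

A scanner that consults only the controller reports the first sample as unprotected; one that accepts the config line without checking whether it is commented out misses the second.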