Currently brakeman only performs `protect_from_forgery` checks in the `ApplicationController`. While this is sufficient for most cases, it fails to catch controllers that also inherit from `ActionController::Base` but use a different name, like for example `BaseController` or `AdminController`. See https://github.com/typus/typus/blob/master/app/controllers/admin/base_controller.rb#L1 and https://github.com/spree/spree/blob/148bcaf1e44081f940248d94d3aa6c5e95bb4fe2/api/app/controllers/spree/api/base_controller.rb#L5.

This commit was recently added to typus to turn on CSRF protection. This shows that brakeman shouldn't just simply restrict itself to `ApplicationController`s.
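The check the issue asks for, as an added example that is not brakeman's own code: instead of looking only at `ApplicationController`, it flags every class that inherits directly from `ActionController::Base` and has no `protect_from_forgery` call in its own body, whatever the class is named. The sample controller sources, the helper names and the regex-based scanning are all constructed for this illustration; a real scanner (as brakeman does) would work on a parsed AST rather than on lines of text.

```ruby
# Added example, not brakeman's code: find controllers that subclass
# ActionController::Base directly but never call protect_from_forgery.
# Subclasses of ApplicationController inherit its protection, so the gap
# is in classes such as Admin::BaseController that bypass it entirely.

# Matches `class Name < ActionController::Base` with any indentation.
CLASS_RE = /^\s*class\s+([\w:]+)\s*<\s*ActionController::Base\b/

# Keywords that open a block the matching `end` closes (line-anchored, so
# modifier forms like `x if y` are not counted).
OPENER_RE = /^(class|module|def|if|unless|while|until|case|begin)\b/
DO_BLOCK_RE = /\bdo\b\s*(\|[^|]*\|)?$/

# Returns the names of controllers in `source` that inherit from
# ActionController::Base and contain no protect_from_forgery call.
def unprotected_base_controllers(source)
  missing = []
  lines = source.lines
  i = 0
  while i < lines.size
    if (m = CLASS_RE.match(lines[i]))
      name = m[1]
      depth = 1            # we are inside the class body
      csrf_protected = false
      j = i + 1
      while j < lines.size && depth > 0
        line = lines[j].strip
        depth += 1 if line =~ OPENER_RE || line =~ DO_BLOCK_RE
        depth -= 1 if line =~ /^end\b/
        csrf_protected = true if line.start_with?("protect_from_forgery")
        j += 1
      end
      missing << name unless csrf_protected
      i = j              # continue after the class's own `end`
    else
      i += 1
    end
  end
  missing
end

# Scans a { path => source } hash and reports only files with findings.
def scan_for_unprotected_controllers(sources)
  sources.each_with_object({}) do |(path, src), report|
    names = unprotected_base_controllers(src)
    report[path] = names unless names.empty?
  end
end

# Constructed sample sources modelled on the pattern the issue describes:
# a protected ApplicationController, an admin base controller that skips
# ApplicationController without its own protection, and an API base
# controller that protects itself.
SAMPLE_SOURCES = {
  "app/controllers/application_controller.rb" => <<~RUBY,
    class ApplicationController < ActionController::Base
      protect_from_forgery with: :exception
    end
  RUBY
  "app/controllers/admin/base_controller.rb" => <<~RUBY,
    module Admin
      class BaseController < ActionController::Base
        before_action :authenticate

        def index
          render :index
        end
      end
    end
  RUBY
  "app/controllers/api/base_controller.rb" => <<~RUBY,
    module Api
      class BaseController < ActionController::Base
        protect_from_forgery with: :null_session
      end
    end
  RUBY
}

if __FILE__ == $PROGRAM_NAME
  scan_for_unprotected_controllers(SAMPLE_SOURCES).each do |path, names|
    puts "#{path}: missing protect_from_forgery in #{names.join(', ')}"
  end
end
```

Run against the constructed sources, only `app/controllers/admin/base_controller.rb` is reported, because its `BaseController` subclasses `ActionController::Base` directly and never enables forgery protection, while the other two do. Scoping the search to the class's own body (tracked by nesting depth) keeps a `protect_from_forgery` in a sibling class from masking a gap.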