New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Warning when `protected_from_forgery` is mixed in. #958

merged 1 commit into from Nov 29, 2016


None yet
2 participants

louim commented Nov 7, 2016

Hi! since #953 was merged in, we started to see 'protect_from_forgery' should be called in ... in our controllers that were not inheriting from the ApplicationController.

I had a look, and it seems that it's because we are mixin in the protect_form_forgery in those controllers. I added a failing test case that should normally not generate a warning. My knowledge of the Brakeman codebase was not enough for me to create a fix.

Let me know if I can do anything else to help!


This comment has been minimized.

Show comment
Hide comment

presidentbeef Nov 10, 2016


Hi Louis-Michel,

Thank you for the nice test case! I will see about fixing this.


presidentbeef commented Nov 10, 2016

Hi Louis-Michel,

Thank you for the nice test case! I will see about fixing this.

presidentbeef added a commit that referenced this pull request Nov 28, 2016

@presidentbeef presidentbeef merged commit 8d6f92a into presidentbeef:master Nov 29, 2016

1 check failed

continuous-integration/travis-ci/pr The Travis CI build failed

Repository owner locked and limited conversation to collaborators Apr 4, 2017

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.