
Add http-only option to Rails app generator

Change application controller template accordingly, to inherit from
ActionController::HTTP and not generate protect_from_forgery call.

[Carlos Antonio da Silva & Santiago Pastorino]
1 parent 4c16791 commit 5c8c7ca2f99903533175e6da1da61fd349bce261 @carlosantoniodasilva carlosantoniodasilva committed with spastorino
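--- a/railties/lib/rails/generators/app_base.rb
+++ b/railties/lib/rails/generators/app_base.rb
@@ -58,6 +58,9 @@ def self.add_shared_options_for(name)
 class_option :skip_test_unit, :type => :boolean, :aliases => "-T", :default => false,
 :desc => "Skip Test::Unit files"
+ class_option :http_only, :type => :boolean, :default => false,
+ :desc => "Preconfigure smaller stack for HTTP only apps"
+
 class_option :help, :type => :boolean, :aliases => "-h", :group => :rails,
 :desc => "Show this help message and quit"
 end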
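Review bot: The help text on the new `:http_only` option does not say that the flag also drops a security default: per the commit description, the generated ApplicationController no longer calls `protect_from_forgery`. Someone choosing the flag for a smaller stack should learn that from `--help`, so I would extend the description, e.g. `:desc => "Preconfigure smaller stack for HTTP only apps (generated controller has no CSRF protection)"`. add_shared_options_for starts above this hunk.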
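--- a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb
+++ b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb
@@ -1,5 +0,0 @@
-class ApplicationController < ActionController::Base
- # prevent CSRF attacks by raising an exception,
- # if your application has an API, you'll probably need to use :reset_session
- protect_from_forgery :with => :exception
-end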
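--- a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt
+++ b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt
@@ -0,0 +1,5 @@
+class ApplicationController < ActionController::<%= options.http_only? ? "HTTP" : "Base" %>
+ # Prevent CSRF attacks by raising an exception.
+ # For APIs, you may want to use :reset_session instead.
+ <%= comment_if :http_only %>protect_from_forgery :with => :exception
+end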
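Review bot: With `--http-only` the generated controller keeps the two comment lines saying CSRF attacks are prevented, followed by a commented-out `protect_from_forgery`, so the file reads as if protection were configured when it is not. The template should emit a different comment in that case, for example `# CSRF protection is not enabled for HTTP-only apps; add it back if clients authenticate with cookies or sessions.` Whether ActionController::HTTP defines `protect_from_forgery` at all is not visible on this page. If it does not, uncommenting the generated line would fail when the controller loads, which is another reason not to ship it as a ready-to-enable line.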
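--- a/railties/test/generators/app_generator_test.rb
+++ b/railties/test/generators/app_generator_test.rb
@@ -361,6 +361,16 @@ def test_active_record_dependent_restrict_raises_is_present_application_config
 assert_file "config/application.rb", /config\.active_record\.dependent_restrict_raises = false/
 end
+ def test_http_only_generates_application_controller_with_action_controller_http
+ run_generator [destination_root, "--http-only"]
+ assert_file "app/controllers/application_controller.rb", /class ApplicationController < ActionController::HTTP/
+ end
+
+ def test_http_only_generates_application_controller_with_protect_from_forgery_commented_out_setup
+ run_generator [destination_root, "--http"]
+ assert_file "app/controllers/application_controller.rb", /^ # protect_from_forgery/
+ end
+
 def test_pretend_option
 output = run_generator [File.join(destination_root, "myapp"), "--pretend"]
 assert_no_match(/run bundle install/, output)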
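Review bot: The second new test passes `"--http"`, while the option added in app_base.rb is `http_only` and the first test uses `"--http-only"`. Unless the option parser accepts unambiguous prefixes, this test does not exercise the flag it is named after; use `run_generator [destination_root, "--http-only"]` in both. There is also no test for the default path. A test asserting that a plain run still generates `ActionController::Base` with an uncommented `protect_from_forgery :with => :exception` would catch a template regression that silently drops CSRF protection for ordinary apps. The hunk ends inside test_pretend_option, which continues below it.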
