
Fix protect_against_forgery

commit 7f53dca1a13e21ec4400a765f637b73c0f194979 1 parent 562154f
Carlhuda authored
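--- a/actionpack/lib/action_controller/railtie.rb
+++ b/actionpack/lib/action_controller/railtie.rb
@@ -52,7 +52,9 @@ class Railtie < Rails::Railtie
 ac.stylesheets_dir = paths.public.stylesheets.to_a.first
 ac.secret = app.config.cookie_secret
 
-ActionController.base_hook { self.config.replace(ac) }
+ActionController.base_hook do
+self.config.merge!(ac)
+end
 end
 
 initializer "action_controller.initialize_framework_caches" do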
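Review bot: The new `self.config.merge!(ac)` line has no comment saying why it must not go back to `replace`, and the reason looks security-relevant: judging by the commit title and the accompanying test, `replace` discarded settings already present on the controller config, the forgery-protection setting among them. I would add a comment above the call, for example `# merge!, not replace: keep defaults already set on config (e.g. forgery protection)`. Assuming `config` behaves like a Hash here, any key assigned on `ac` still overrides an existing value, so it is worth confirming that nothing set on `ac` in this initializer can silently turn a protective default off. The initializer block begins above the hunk.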
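--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@@ -228,5 +228,32 @@ def index
 get "/"
 assert_equal File.expand_path(__FILE__), last_response.headers["X-Lighttpd-Send-File"]
 end
+
+test "protect from forgery is the default in a new app" do
+require "rails"
+require "action_controller/railtie"
+
+class MyApp < Rails::Application
+config.session_store :disabled
+
+routes.draw do
+match "/" => "omg#index"
+end
+
+class ::OmgController < ActionController::Base
+protect_from_forgery
+
+def index
+render :inline => "<%= csrf_meta_tag %>"
+end
+end
+end
+
+require 'rack/test'
+extend Rack::Test::Methods
+
+get "/"
+assert last_response.body =~ /csrf\-param/
+end
 end
 end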
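Review bot: The final assertion `assert last_response.body =~ /csrf\-param/` only proves that the meta tag's parameter name is rendered; it does not show that a token is emitted or that an unverified request is rejected. I would switch to `assert_match(/csrf-param/, last_response.body)` for a readable failure message, add `assert_match(/csrf-token/, last_response.body)`, and consider a companion test that sends a non-GET request without a token and expects it to be refused. The controller also opts in with an explicit `protect_from_forgery`, so what the test appears to cover is that the forgery-protection config survives initialization rather than a default; a name such as `"forgery protection config survives initialization"` would describe that more accurately. The enclosing test class starts outside the hunk.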
