Make CSRF failure logging optional/configurable. #14280
Added the log_warning_on_csrf_failure option to ActionController::RequestForgeryProtection
My reasoning is that I'm using papertrailapp on an app that is maybe 80% API and I'm explicitly using null_session to ignore CSRF problems on my API endpoints safely, but am getting a lot of log noise which isn't very helpful. I thought about overriding
The other implementation options I've thought of:
I prefer it to be a config option because that way I don't have to worry about keeping my CSRF stuff in sync with Rails over time, because honestly I'm unlikely to, and then security will happen to me.