Permalink
Browse files

default to drop_session protection (should play nice with APIs and lo…

…gin pages)
  • Loading branch information...
1 parent f948c23 commit 03465b14f6d75e6e32b76daa372586169d1e7c76 @rkh rkh committed May 29, 2012
Showing with 1 addition and 0 deletions.
  1. +1 −0 lib/sinatra/base.rb
View
@@ -1474,6 +1474,7 @@ def setup_protection(builder)
options = Hash === protection ? protection.dup : {}
options[:except] = Array options[:except]
options[:except] += [:session_hijacking, :remote_token] unless sessions?
+ options[:reaction] ||= :drop_session
builder.use Rack::Protection, options
end

0 comments on commit 03465b1

Please sign in to comment.