Brakemanによるセキュリティ警告の対処

.gitignore

@@ -16,3 +16,6 @@
 *.swp
 /nbproject
 /public/assets/*
+
+# Old(Rails < 4.1) Secret Token
+config/initializers/secret_token.rb

Gemfile

@@ -41,6 +41,11 @@ group :development, :test do
   gem 'cucumber'
   gem 'cucumber-rails', :require => false
 end
+
+group :development do
+  gem 'brakeman'
+end
+
 gem 'pusher'
 
 gem 'therubyracer'

Gemfile.lock

@@ -42,6 +42,7 @@ GEM
       public_suffix (>= 2.0.2, < 4.0)
     arel (8.0.0)
     backports (3.11.1)
+    brakeman (4.2.0)
     builder (3.2.3)
     capybara (2.18.0)
       addressable
@@ -247,6 +248,7 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
+  brakeman
   capybara
   coffee-rails
   cucumber

app/controllers/application_controller.rb

@@ -1,5 +1,5 @@
 class ApplicationController < ActionController::Base
-  protect_from_forgery
+  protect_from_forgery with: :exception
   include ERB::Util
 
   def login?

app/controllers/authentication_controller.rb

@@ -1,4 +1,4 @@
-class AuthenticationController < ActionController::Base
+class AuthenticationController < ApplicationController
   def index
     @callback_url = params[:callback]
     render layout: 'top'

app/views/layouts/application.html.erb

@@ -40,8 +40,8 @@
                 </div>
               <% end %>
 
-              <div id="channel_name_static" style="display:inline;"><%== @channel.name %></div>
-              <div id="channel_name_edit" style="display:none;"><%== f.text_field :name %></div>
+              <div id="channel_name_static" style="display:inline;"><%= @channel.name %></div>
+              <div id="channel_name_edit" style="display:none;"><%= f.text_field :name %></div>
             <% end %><% end %>
           </div>
           <p class="nav pull-right logout">