Enable new default: CSRF origin-check mitigation

myabc · myabc · commit 557d5ed5289e · 2018-04-24T23:35:30.000+01:00
diff --git a/config/initializers/new_framework_defaults.rb b/config/initializers/new_framework_defaults.rb
@@ -6,9 +6,6 @@
 #
 # Read the Guide for Upgrading Ruby on Rails for more info on each option.
 
-# Enable origin-checking CSRF mitigation. Previous versions had false.
-Rails.application.config.action_controller.forgery_protection_origin_check = false
-
 # Make Ruby 2.4 preserve the timezone of the receiver when calling `to_time`.
 # Previous versions had false.
 ActiveSupport.to_time_preserves_timezone = false

Original file line number	Diff line number	Diff line change
`@@ -6,9 +6,6 @@`
`6`	`6`	`#`
`7`	`7`	`# Read the Guide for Upgrading Ruby on Rails for more info on each option.`
`8`	`8`
`9`		`-# Enable origin-checking CSRF mitigation. Previous versions had false.`
`10`		`-Rails.application.config.action_controller.forgery_protection_origin_check = false`
`11`		`-`
`12`	`9`	# Make Ruby 2.4 preserve the timezone of the receiver when calling `to_time`.
`13`	`10`	`# Previous versions had false.`
`14`	`11`	`ActiveSupport.to_time_preserves_timezone = false`