kolan
/
Redmine
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Protect controllers from potential CSRF attacks. #4216 

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3051 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Eric Davis 2009-11-14 19:41:07 +00:00
parent 93bf1df5d4
commit ea0bc56a65
4 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
app/controllers/application_controller.rb
View File

@ -25,6 +25,7 @@ class ApplicationController < ActionController::Base
before_filter :user_setup, :check_if_login_required, :set_localization before_filter :user_setup, :check_if_login_required, :set_localization
filter_parameter_logging :password filter_parameter_logging :password
protect_from_forgery
include Redmine::Search::Controller include Redmine::Search::Controller
include Redmine::MenuManager::MenuController include Redmine::MenuManager::MenuController

3
config/environments/test.rb
View File

@ -21,6 +21,9 @@ config.action_controller.session = {
:secret => "some secret phrase for the tests." :secret => "some secret phrase for the tests."
} }
# Skip protect_from_forgery in requests http://m.onkey.org/2007/9/28/csrf-protection-for-your-existing-rails-application
config.action_controller.allow_forgery_protection = false
config.gem "thoughtbot-shoulda", :lib => "shoulda", :source => "http://gems.github.com" config.gem "thoughtbot-shoulda", :lib => "shoulda", :source => "http://gems.github.com"
config.gem "nofxx-object_daddy", :lib => "object_daddy", :source => "http://gems.github.com" config.gem "nofxx-object_daddy", :lib => "object_daddy", :source => "http://gems.github.com"
config.gem "mocha" config.gem "mocha"

3
config/environments/test_pgsql.rb
View File

@ -21,6 +21,9 @@ config.action_controller.session = {
:secret => "some secret phrase for the tests." :secret => "some secret phrase for the tests."
} }
# Skip protect_from_forgery in requests http://m.onkey.org/2007/9/28/csrf-protection-for-your-existing-rails-application
config.action_controller.allow_forgery_protection = false
config.gem "thoughtbot-shoulda", :lib => "shoulda", :source => "http://gems.github.com" config.gem "thoughtbot-shoulda", :lib => "shoulda", :source => "http://gems.github.com"
config.gem "nofxx-object_daddy", :lib => "object_daddy", :source => "http://gems.github.com" config.gem "nofxx-object_daddy", :lib => "object_daddy", :source => "http://gems.github.com"
config.gem "mocha" config.gem "mocha"

3
config/environments/test_sqlite3.rb
View File

@ -21,6 +21,9 @@ config.action_controller.session = {
:secret => "some secret phrase for the tests." :secret => "some secret phrase for the tests."
} }
# Skip protect_from_forgery in requests http://m.onkey.org/2007/9/28/csrf-protection-for-your-existing-rails-application
config.action_controller.allow_forgery_protection = false
config.gem "thoughtbot-shoulda", :lib => "shoulda", :source => "http://gems.github.com" config.gem "thoughtbot-shoulda", :lib => "shoulda", :source => "http://gems.github.com"
config.gem "nofxx-object_daddy", :lib => "object_daddy", :source => "http://gems.github.com" config.gem "nofxx-object_daddy", :lib => "object_daddy", :source => "http://gems.github.com"
config.gem "mocha" config.gem "mocha"