File obs-server-2.10-0112-Enable-per-form-CSRF-token... of Package obs-server

Overview Repositories Revisions Requests Users Attributes Meta

File obs-server-2.10-0112-Enable-per-form-CSRF-tokens-and-origin-checking-CSRF.patch of Package obs-server

From 1e2d62850d7730f9f1d955e210430889c66e59cd Mon Sep 17 00:00:00 2001
From: Lukas Krause <lkrause@suse.de>
Date: Fri, 14 Feb 2020 17:27:54 +0100
Subject: [PATCH] Enable per-form CSRF tokens and origin-checking CSRF
 mitigation

Both features got introduced with Rails 5.0 and bring some
improvements in terms of security. Both features dont break
the setup, so we can enable them.
---
 .../config/initializers/new_framework_defaults.rb   | 13 -------------
 1 file changed, 13 deletions(-)
 delete mode 100644 src/api/config/initializers/new_framework_defaults.rb

diff --git a/src/api/config/initializers/new_framework_defaults.rb b/src/api/config/initializers/new_framework_defaults.rb
deleted file mode 100644
index b557d1218e..0000000000
--- a/src/api/config/initializers/new_framework_defaults.rb
+++ /dev/null
@@ -1,13 +0,0 @@
-# Be sure to restart your server when you modify this file.
-#
-# This file contains migration options to ease your Rails 5.0 upgrade.
-#
-# Once upgraded flip defaults one by one to migrate to the new default.
-#
-# Read the Rails 5.0 release notes for more info on each option.
-
-# Enable per-form CSRF tokens. Previous versions had false.
-Rails.application.config.action_controller.per_form_csrf_tokens = false
-
-# Enable origin-checking CSRF mitigation. Previous versions had false.
-Rails.application.config.action_controller.forgery_protection_origin_check = false
-- 
2.35.3

Places

File obs-server-2.10-0112-Enable-per-form-CSRF-tokens-and-origin-checking-CSRF.patch of Package obs-server

Places