obs:server:fedora:2.10:testing
File obs-server-2.10-0112-Enable-per-form-CSRF-tokens-and-origin-checking-CSRF.patch of Package obs-server
From 1e2d62850d7730f9f1d955e210430889c66e59cd Mon Sep 17 00:00:00 2001 From: Lukas Krause <lkrause@suse.de> Date: Fri, 14 Feb 2020 17:27:54 +0100 Subject: [PATCH] Enable per-form CSRF tokens and origin-checking CSRF mitigation Both features got introduced with Rails 5.0 and bring some improvements in terms of security. Both features dont break the setup, so we can enable them. --- .../config/initializers/new_framework_defaults.rb | 13 ------------- 1 file changed, 13 deletions(-) delete mode 100644 src/api/config/initializers/new_framework_defaults.rb diff --git a/src/api/config/initializers/new_framework_defaults.rb b/src/api/config/initializers/new_framework_defaults.rb deleted file mode 100644 index b557d1218e..0000000000 --- a/src/api/config/initializers/new_framework_defaults.rb +++ /dev/null @@ -1,13 +0,0 @@ -# Be sure to restart your server when you modify this file. -# -# This file contains migration options to ease your Rails 5.0 upgrade. -# -# Once upgraded flip defaults one by one to migrate to the new default. -# -# Read the Rails 5.0 release notes for more info on each option. - -# Enable per-form CSRF tokens. Previous versions had false. -Rails.application.config.action_controller.per_form_csrf_tokens = false - -# Enable origin-checking CSRF mitigation. Previous versions had false. -Rails.application.config.action_controller.forgery_protection_origin_check = false -- 2.35.3
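Review bot: The only change is the deletion of src/api/config/initializers/new_framework_defaults.rb, which removes the two lines that set per_form_csrf_tokens and forgery_protection_origin_check to false, but nothing in the visible diff sets either option to true or shows where the effective value now comes from. Whether both protections end up enabled depends on the framework defaults the application loads elsewhere, so the subject line's "Enable" is not verifiable from this patch alone. I would either set both options to true explicitly in a kept initializer, or state in the commit message which configuration supplies the new values. The claim that both features do not break the setup would also be easier to accept with a test in the same change, for example a request spec asserting that a state-changing request with a mismatched Origin header is rejected and that a token issued for one form is not accepted by another.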