This project is archived and is in readonly mode.

#4136 ✓resolved
codesnik

allow_forgery_protection is false even in development environment by default

Reported by codesnik | March 9th, 2010 @ 10:38 AM | in 3.0.2

seems that recent commit 01f0e47663bbbc593af0c36d4cf49124b200e3d8 (Move request forgery protection configuration to the AC config object) is the offender.

config.request_forgery_protection_token ||= true
in
actionpack/lib/action_controller/metal/request_forgery_protection.rb
seems to work on a different @config, not on the ApplicationController::Base one. probably executed too late to be copied/inherited properly.

I've tried to fix it, but failed. Hope this message would help.

Comments and changes to this ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>

Attachments

Referenced by

Pages