Closed woto closed 4 years ago
@hopsoft can you take a look at this when you get a chance?
@coderberry I'll take a look - need to test a few things
@andrewmcodes No, all is correct. But as a usual developer, I didn't read instructions (joking). I read it, but successfully ignored step:
bundle exec rails dev:cache
as I perceived this step as optional.
It is recommended to develop with Rails cache enabled.
This application relies heavily on caching and may not work properly without the cache enabled.
And then I delved into the guts of the ActionController::RequestForgeryProtection to realize why I'm unable to login. At least with this change, we can log in to backend in the opposite of nothing. I think if you are against this change then this installation step in documentation should be changed to obligatory. Agree with me?
@all-contributors please add @woto for code
@andrewmcodes
I've put up a pull request to add @woto! :tada:
@andrewmcodes Cool, thanks. I'm Looking forward weekends to discovering about this project more, because of interests in this area
Type of PR
Description
In case of absence of
caching-dev.txt
cache_store initializes as :null_store
and later when it uses as session store
it simply disables Rails
session
functionality. As a result there is no way to do almost all actions which relies on Rails security csrf mechanism.Checklist