search

varvet / pundit

Minimal authorization through OO design and pure Ruby classes
MIT License
8.26k stars 627 forks source link

Update README.md #640

Closed benkoshy closed 3 years ago

benkoshy commented 4 years ago

add note re: protect_from_forgery

adambutler commented 4 years ago

I was just starting a new Rails 6 project and saw this in the README. I thought protect_from_forgery was a Rails method but wasn't 100% certain so searched this codebase for the method definition landing on this issue.

I think protect_from_forgery should be removed to remove confusion and instead change it to:

class ApplicationController < ActionController::Base
  include Pundit

   # ...
end
dgmstuart commented 3 years ago

This was resolved by https://github.com/varvet/pundit/pull/651