Closed tomholford closed 4 years ago
Per https://github.com/rails/rails/commit/ec4a836919c021c0a5cf9ebeebb4db5e02104a55 on July 11, 2017, protect_from_forgery is now enabled by default in all Rails applications (5.2+). Thus, this change simplifies the README guide by removing the extraneous method call.
protect_from_forgery
README
See this issue for additional discussion: https://github.com/rails/rails/issues/29193
This will hopefully prevent someone from doing what I just did in a Rails 6 project:
pundit
ApplicationController
edit Adding a link to the Rails docs that confirms this behavior:
https://edgeguides.rubyonrails.org/configuring.html#configuring-action-controller
Per https://github.com/rails/rails/commit/ec4a836919c021c0a5cf9ebeebb4db5e02104a55 on July 11, 2017,
protect_from_forgeryis now enabled by default in all Rails applications (5.2+). Thus, this change simplifies theREADMEguide by removing the extraneous method call.See this issue for additional discussion: https://github.com/rails/rails/issues/29193
This will hopefully prevent someone from doing what I just did in a Rails 6 project:
pundit, and on Step 1 was looking for theprotect_from_forgerymethod call inApplicationControlleredit Adding a link to the Rails docs that confirms this behavior:
https://edgeguides.rubyonrails.org/configuring.html#configuring-action-controller