Skip to content
Snippets Groups Projects
Commit 3a26efe5 authored by smayer's avatar smayer
Browse files

Activate CSRF protection for XHR/Ajax requests but allow them from any origin

parent 2a9ae897
No related branches found
No related tags found
1 merge request!2Merging development into onb as preparation for Annolyzer release
Hide whitespace changes
Inline Side-by-side
config/environments/development.rb
+ 2
3
View file @ 3a26efe5
......@@ -73,10 +73,9 @@ Rails.application.configure do
# routes, locales, etc. This feature depends on the listen gem.
config.file_watcher = ActiveSupport::EventedFileUpdateChecker
# Uncomment if you wish to allow Action Cable access from any origin.
# config.action_cable.disable_request_forgery_protection = true
# Allow Action Cable access from any origin.
config.action_cable.url = "http://127.0.0.1:3000/cable"
config.action_cable.disable_request_forgery_protection = true
# Allow XHR/Ajax requests from different origin
config.action_controller.forgery_protection_origin_check = false
config.action_controller.default_protect_from_forgery = false
end
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment