Skip to content

Commit

Permalink
Fixed CSRF vulnerability with Rails < 5.2
Browse files Browse the repository at this point in the history
  • Loading branch information
@ankane
ankane committed Feb 2, 2023
1 parent 4b9c351 commit ec28965
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 0 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## 0.1.2 (unreleased)

- Fixed CSRF vulnerability with Rails < 5.2 - [more info](https://github.com/ankane/clockwork_web/issues/4)

## 0.1.1 (2020-03-19)

- Fixed load error
Expand Down
2 changes: 2 additions & 0 deletions app/controllers/clockwork_web/home_controller.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,8 @@ class HomeController < ActionController::Base
layout false
helper ClockworkWeb::HomeHelper

protect_from_forgery with: :exception

http_basic_authenticate_with name: ENV["CLOCKWORK_USERNAME"], password: ENV["CLOCKWORK_PASSWORD"] if ENV["CLOCKWORK_PASSWORD"]

def index
Expand Down

0 comments on commit ec28965

Please sign in to comment.