Use urlsafe_csrf_tokens to allow migrating from Rails 5.2.5+

2021-05-12 14:14:50 +02:00
parent 12a96ef0c4
commit 504bb07ae1
4 changed files with 49 additions and 37 deletions
--- a/config/application.rb
+++ b/config/application.rb
@ -13,6 +13,11 @@ module CodeOcean
    # Initialize configuration defaults for originally generated Rails version.
    config.load_defaults 6.0

+    # In Rails 5.2.5, the CSRF token format is accidentally changed to urlsafe-encoded.
+    # If you upgrade apps from 5.2.5, set the config `urlsafe_csrf_tokens = true`.
+    # ToDo: Remove after upgrade to Rails 6.1
+    Rails.application.config.action_controller.urlsafe_csrf_tokens = true
+
    # Settings in config/environments/* take precedence over those specified here.
    # Application configuration can go into files in config/initializers
    # -- all .rb files in that directory are automatically loaded after loading