view config/initializers/request_forgery_protection.rb @ 211:e07f6ea17deb

Less xhtml more escaping It looks like some older tweets aren't quite escaped properly for xhtml. Example (assuming not deleted): https://twitter.com/aaaa/status/169688458900668416
author nanaya <me@nanaya.pro>
date Fri, 11 Dec 2020 03:31:25 +0900
parents 257910c60eb3
children
line wrap: on
line source

# Be sure to restart your server when you modify this file.

# Enable origin-checking CSRF mitigation.
Rails.application.config.action_controller.forgery_protection_origin_check = true