Add/configure new framework defaults for rails 7.0 #7933

Merged
merged 2 commits into from
Oct 2, 2023

@gbp gbp commented Oct 2, 2023

Enable open redirect protection

By default, Rails protects against redirecting to external hosts for your app's safety, so-called open redirects. Note: this was a new default in Rails 7.0, after upgrading opt-in by uncommenting the line with `raise_on_open_redirects` in `config/initializers/new_framework_defaults_7_0.rb`.

None of these are enabled yet, but we will be going through them in #5851.

Protect against redirects to third-party sites by enabling
`action_controller.raise_on_open_redirects`.
@gbp gbp merged commit 4438f0e into develop Oct 2, 2023
5 checks passed
@gbp gbp added the on-staging label Oct 2, 2023
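
The effect of enabling `action_controller.raise_on_open_redirects`, modelled in plain Ruby as an added example (this is not code from this pull request or from Rails itself). The names `same_host_redirect?`, `enforce_redirect`, `UnsafeRedirect` and the `example.org` hosts are hypothetical; the `allow_other_host` keyword mirrors the per-call opt-out that Rails' `redirect_to` accepts.

```ruby
require "uri"

# Hypothetical stand-in for the error Rails raises on an unsafe redirect.
class UnsafeRedirect < StandardError; end

# True when `location` keeps the browser on `request_host`.
def same_host_redirect?(location, request_host)
  url = location.to_s
  host = URI.parse(url).host
  return true if host == request_host   # absolute URL pointing at our own host
  return false unless host.nil?         # any other host, including "//host/path"
  # No host component: accept only a rooted path such as "/dashboard".
  url.start_with?("/") && !url.start_with?("//")
rescue URI::Error
  false                                 # unparseable locations are never trusted
end

# Models the setting: with the flag off every location passes through
# (the pre-7.0 behaviour); with it on, an off-host location raises unless
# the caller opted out for that one redirect.
def enforce_redirect(location, request_host, raise_on_open_redirects:,
                     allow_other_host: !raise_on_open_redirects)
  return location if allow_other_host
  return location if same_host_redirect?(location, request_host)
  raise UnsafeRedirect, "refusing redirect to #{location.inspect}"
end

if __FILE__ == $PROGRAM_NAME
  host = "app.example.org" # constructed sample host
  # Constructed sample values, e.g. from a user-supplied "return_to" parameter.
  ["/dashboard", "https://app.example.org/x",
   "https://other.example/", "//other.example/x", "http://bad host/"].each do |loc|
    begin
      enforce_redirect(loc, host, raise_on_open_redirects: true)
      puts "allowed  #{loc}"
    rescue UnsafeRedirect
      puts "blocked  #{loc}"
    end
  end
end
```

A redirect that legitimately leaves the site has to opt out explicitly with `allow_other_host: true`, so after the flag is enabled those call sites are the ones to review.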