From 03b78604ab4c9991d6766d0014b06aa923f06dde Mon Sep 17 00:00:00 2001
From: Lev Kokotov
Date: Tue, 4 Aug 2020 15:07:50 -0700
Subject: [PATCH] [pghero] CSRF vulnerability
---
 app/controllers/pg_hero/home_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/pg_hero/home_controller.rb b/app/controllers/pg_hero/home_controller.rb
index e6d158464..2470a01f9 100644
--- a/app/controllers/pg_hero/home_controller.rb
+++ b/app/controllers/pg_hero/home_controller.rb
@@ -2,7 +2,7 @@ module PgHero
 class HomeController < ActionController::Base
 layout "pg_hero/application"
- protect_from_forgery
+ protect_from_forgery with: :exception # https://github.com/ankane/pghero/commit/14b67b32fed19a30aaf9826ee72f2a29cda604e9
 http_basic_authenticate_with name: ENV["PGHERO_USERNAME"], password: ENV["PGHERO_PASSWORD"] if ENV["PGHERO_PASSWORD"]
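Review bot: The trailing comment on the new `protect_from_forgery with: :exception` line is only a commit URL and does not say why the strategy matters, so the option is easy to drop in a later cleanup. In Rails 4 and later a bare `protect_from_forgery` falls back to `:null_session`, which empties the session for that request but still runs the action; this controller authenticates with HTTP Basic on the following line, and the browser attaches those credentials regardless of session state, so only raising rejects a forged request. I would put the reason on its own line above the call, e.g. `# Raise on a bad CSRF token: the :null_session default still runs the action for HTTP Basic requests.`, and keep the upstream URL as a reference below it. CSRF verification is skipped for GET requests, so it is worth confirming that every state-changing PgHero action is routed as non-GET; the routes and the rest of the class body are outside this hunk.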