Commit

Merge pull request #68 from YaleSTC/65_security
CSRF protection and SSL-only
caseywatts committed Nov 17, 2014
2 parents 19448ea + d413ab3 commit 0306c7e
Showing 2 changed files with 4 additions and 0 deletions.
1 change: 1 addition & 0 deletions app/controllers/application_controller.rb
@@ -1,4 +1,5 @@
class ApplicationController < ActionController::Base
protect_from_forgery

before_action CASClient::Frameworks::Rails::Filter
before_action :current_user
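
Review bot: `protect_from_forgery` on the line after the class declaration is called with no `with:` option, so the failure behaviour is left to the framework default, which in Rails 4 nulls the session for the offending request rather than rejecting it. Because it is declared ahead of `before_action CASClient::Frameworks::Rails::Filter` and `before_action :current_user`, a request that fails the token check carries on into those filters with an empty session instead of stopping. Consider stating the strategy explicitly, for example `protect_from_forgery with: :exception`, and adding a controller test that a POST without a valid token is refused.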
3 changes: 3 additions & 0 deletions config/application.rb
Expand Up @@ -24,5 +24,8 @@ class Application < Rails::Application

# Autoload lib/ folder including all subdirectories
config.autoload_paths += Dir["#{config.root}/lib", "#{config.root}/lib/**/"]

# Use SSL for everything, including cookies
config.force_ssl = true
end
end
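
Review bot: `config.force_ssl = true` is set in `config/application.rb`, so it applies to every environment, development and test included, not only production. The setting redirects HTTP to HTTPS, marks cookies as secure and sends an HSTS header, so a local server without TLS will redirect every request to an HTTPS URL it cannot serve. Consider moving the line to `config/environments/production.rb` (and any staging environment), or extending the comment to say that local development needs TLS in front of the app.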
