
Potential fix for code scanning alert no. 3: CSRF protection not enabled #6

Merged
washu merged 1 commit into main from alert-autofix-3 on May 13, 2026

@washu (Owner) commented May 13, 2026

Potential fix for https://github.com/washu/solid_queue_mongoid/security/code-scanning/3

To fix this, explicitly enable Rails CSRF protection in spec/dummy/app/controllers/application_controller.rb by adding:

  • protect_from_forgery with: :exception

Best single fix without changing existing functionality: add that line inside ApplicationController (immediately under the class declaration). This applies CSRF checks consistently to controllers inheriting from this base and uses the safer :exception behavior instead of weaker session nulling behavior.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@washu washu marked this pull request as ready for review May 13, 2026 19:15
@washu washu merged commit 67ff85c into main May 13, 2026
14 checks passed
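
A source-level check for the condition this PR fixes, as an added example that is not part of the PR or the project: it flags controllers that inherit from ActionController::Base without protect_from_forgery, a strategy other than :exception, and subclasses that skip the token check. The regexes, csrf_findings, scan_samples and the sample controller sources are constructed for illustration.

```ruby
# Added example: heuristic text check, not a Ruby parser and not the scanner's rule.
BASE_CLASS = /^\s*class\s+[\w:]+\s*<\s*ActionController::Base\b/
PROTECT    = /^\s*protect_from_forgery\b(.*)$/
STRATEGY   = /(?:\bwith:|:with\s*=>)\s*:(\w+)/
OPT_OUT    = /^\s*(?:skip_forgery_protection|skip_before_action\s+:verify_authenticity_token)\b/

# Returns finding symbols for one controller source string (hypothetical helper).
def csrf_findings(source)
  code = source.each_line.map { |line| line.sub(/#.*$/, "") }.join # drop comments
  findings = []
  if code.match?(BASE_CLASS)
    protect = code.match(PROTECT)
    # Without a `with:` option Rails falls back to :null_session.
    strategy = protect && (protect[1][STRATEGY, 1] || "null_session")
    findings << :missing_protect_from_forgery if protect.nil?
    findings << :"strategy_#{strategy}" if protect && strategy != "exception"
  end
  findings << :forgery_check_skipped if code.match?(OPT_OUT)
  findings
end

# Constructed sample sources, keyed by the state they represent.
SAMPLES = {
  "before fix" => <<~RUBY,
    class ApplicationController < ActionController::Base
      # protect_from_forgery with: :exception
    end
  RUBY
  "after fix" => <<~RUBY,
    class ApplicationController < ActionController::Base
      protect_from_forgery with: :exception
    end
  RUBY
  "default strategy" => <<~RUBY,
    class ApplicationController < ActionController::Base
      protect_from_forgery
    end
  RUBY
  "child opts out" => <<~RUBY,
    class WebhooksController < ApplicationController
      skip_before_action :verify_authenticity_token
    end
  RUBY
}.freeze

def scan_samples
  SAMPLES.transform_values { |src| csrf_findings(src) }
end
scan_samples.each { |name, found| puts "#{name}: #{found.empty? ? 'ok' : found.join(', ')}" }
```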