Per-form CSRF tokens
monfresh opened this issue · comments
Hello. Is it worth adding a note about the new per-form CSRF tokens feature in Rails 5 and recommending to turn it on?
config.action_controller.per_form_csrf_tokens = true
Hey @monfresh, sorry for the late response. I haven't used this feature yet and "the attack described here is very niche" according to the Rails PR, so don't think it's worth including.