Skip to content

Commit

Permalink
Fixed CSRF vulnerability with non-session based authentication
Browse files Browse the repository at this point in the history
  • Loading branch information
ankane committed Aug 4, 2020
1 parent 8f190fa commit 14b67b3
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 1 deletion.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
## 2.6.1 (unreleased)

- Fixed CSRF vulnerability with non-session based authentication
- Added `database`, `user`, and `query_hash` options to `reset_query_stats` method

## 2.6.0 (2020-07-09)
Expand Down
2 changes: 1 addition & 1 deletion app/controllers/pg_hero/home_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ module PgHero
class HomeController < ActionController::Base
layout "pg_hero/application"

protect_from_forgery
protect_from_forgery with: :exception

http_basic_authenticate_with name: PgHero.username, password: PgHero.password if PgHero.password

Expand Down

0 comments on commit 14b67b3

Please sign in to comment.