From: Tom Hughes <tom@compton.nu>
Date: Thu, 13 May 2021 18:52:02 +0000 (+0100)
Subject: Enable use of URL safe CSRF tokens
X-Git-Tag: live~1623
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/afc4c6fde1f1ed9350cd35a433e841dbf07d244f

Enable use of URL safe CSRF tokens
---

diff --git a/config/initializers/new_framework_defaults_6_1.rb b/config/initializers/new_framework_defaults_6_1.rb
index 9526b835a..27330872d 100644
--- a/config/initializers/new_framework_defaults_6_1.rb
+++ b/config/initializers/new_framework_defaults_6_1.rb
@@ -29,7 +29,7 @@
 #
 # This change is not backwards compatible with earlier Rails versions.
 # It's best enabled when your entire app is migrated and stable on 6.1.
-# Rails.application.config.action_controller.urlsafe_csrf_tokens = true
+Rails.application.config.action_controller.urlsafe_csrf_tokens = true
 
 # Specify whether `ActiveSupport::TimeZone.utc_to_local` returns a time with an
 # UTC offset or a UTC time.