summaryrefslogtreecommitdiff
path: root/config
diff options
context:
space:
mode:
authorRémy Coutable <remy@rymai.me>2019-01-21 08:01:26 +0000
committerRémy Coutable <remy@rymai.me>2019-01-21 08:01:26 +0000
commit764f26785a0af9aaa472537e56386ffd5ce3d875 (patch)
tree8908edb44e44db59a2368513a97d4f03a9113c39 /config
parent93a93174c2978834d529f7ee5f1d62682ee5a536 (diff)
parent4724afa0059803b9ada7f1f888fb5595767ae7aa (diff)
downloadgitlab-ce-764f26785a0af9aaa472537e56386ffd5ce3d875.tar.gz
Merge branch 'raise-on-unfiltered-params' into 'master'
Set ActionController raise_on_unfiltered_parameters to true See merge request gitlab-org/gitlab-ce!24443
Diffstat (limited to 'config')
-rw-r--r--config/application.rb3
-rw-r--r--config/initializers/new_framework_defaults.rb2
2 files changed, 3 insertions, 2 deletions
diff --git a/config/application.rb b/config/application.rb
index 349c7258852..92a3d031c63 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -162,6 +162,9 @@ module Gitlab
config.action_view.sanitized_allowed_protocols = %w(smb)
+ # Can be removed once upgraded to Rails 5.1 or higher
+ config.action_controller.raise_on_unfiltered_parameters = true
+
# Nokogiri is significantly faster and uses less memory than REXML
ActiveSupport::XmlMini.backend = 'Nokogiri'
diff --git a/config/initializers/new_framework_defaults.rb b/config/initializers/new_framework_defaults.rb
index a1e0667bc6f..115ee08dbb6 100644
--- a/config/initializers/new_framework_defaults.rb
+++ b/config/initializers/new_framework_defaults.rb
@@ -8,8 +8,6 @@
#
# Read the Guide for Upgrading Ruby on Rails for more info on each option.
-Rails.application.config.action_controller.raise_on_unfiltered_parameters = true
-
# Enable per-form CSRF tokens. Previous versions had false.
Rails.application.config.action_controller.per_form_csrf_tokens = false