app/controllers/dashboard_controller.rb from CommunityGrows/communitygrows

app/controllers/dashboard_controller.rb

Summary

Maintainability

0 mins

Test Coverage

Issues
Source
Stats

'protect_from_forgery' should be called in DashboardController
Open

class DashboardController < ActionController::Base

Found in app/controllers/dashboard_controller.rb by brakeman

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Cross-site request forgery is #5 on the OWASP Top Ten. CSRF allows an attacker to perform actions on a website as if they are an authenticated user.

This warning is raised when no call to protect_from_forgery is found in ApplicationController. This method prevents CSRF.

For Rails 4 applications, it is recommended that you use protect_from_forgery :with => :exception. This code is inserted into newly generated applications. The default is to nil out the session object, which has been a source of many CSRF bypasses due to session memoization.

See the Ruby Security Guide for details.

CommunityGrows/communitygrows

Summary

Maintainability

Test Coverage

'protect_from_forgery' should be called in DashboardController
Open

There are no issues that match your filters.

Category

Status

CommunityGrows/communitygrows

Summary

Maintainability

Test Coverage

'protect_from_forgery' should be called in DashboardController Open

There are no issues that match your filters.

Category

Status

'protect_from_forgery' should be called in DashboardController
Open