Ruby On Rails - What do these Brakeman warnings mean?
I am using the brakeman gem to scan my application.
After scanning the application, I get the following warnings:
#Security warnings
Method | Warning Type | Message
------------------------------------------------------
show | Unscoped Find | Unscoped call to PatientMessage#find near line 27: Message.find(+params[:id]+)
------------------------------------------------------
#Controller warnings:
Controller | Warning Type | Message
----------------------------------------------------------------------------
ApplicationController | Cross-Site Request Forgery | 'protect_from_forgery' should be called in ApplicationController
Can someone help explain what these warnings mean?
Following the documentation, I added the following code to resolve the "'protect_from_forgery' should be called in ApplicationController" warning: 'protect_from_forgery :with => :exception'. However, this broke my Devise authentication.
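The "Unscoped Find" warning is about authorization, not about the find call itself: `Message.find(params[:id])` returns whichever row has that id, so any signed-in user who changes the id in the URL can read another user's message. Brakeman wants the lookup scoped to the current user, e.g. `current_user.messages.find(params[:id])`, so that someone else's record behaves exactly like a record that does not exist (a 404). The following is an added illustration, not code from the question, Brakeman or Rails: it stands in for ActiveRecord with a plain-Ruby in-memory table (constructed sample rows, hypothetical `show` helper) so the two behaviours can be compared offline.

```ruby
# Added illustration (not from the question or from Brakeman/Rails): a plain-Ruby
# stand-in for ActiveRecord that shows why Brakeman flags Message.find(params[:id])
# and how scoping the lookup to the current user closes the hole.

class RecordNotFound < StandardError; end

Message = Struct.new(:id, :owner_id, :body)

# Constructed sample data standing in for the messages table.
MESSAGES = [
  Message.new(1, 100, "hello from alice"),
  Message.new(2, 200, "bob's private note")
].freeze

# Unscoped lookup; the Rails equivalent is Message.find(params[:id]).
# Any authenticated user who supplies an id gets that row back, whoever owns it.
def unscoped_find(id)
  MESSAGES.find { |m| m.id == id } or raise RecordNotFound, "Message #{id}"
end

# Scoped lookup; the Rails equivalent is current_user.messages.find(params[:id]).
# Rows owned by someone else are indistinguishable from rows that do not exist.
def scoped_find(current_user_id, id)
  MESSAGES.find { |m| m.owner_id == current_user_id && m.id == id } or
    raise RecordNotFound, "Message #{id}"
end

# Simulates the `show` action from the question for a given user and params hash.
# Returns the message body, or nil where a Rails app would render a 404.
def show(current_user_id, params, scoped:)
  id = Integer(params[:id])
  msg = scoped ? scoped_find(current_user_id, id) : unscoped_find(id)
  msg.body
rescue RecordNotFound, ArgumentError, TypeError
  nil
end

if __FILE__ == $PROGRAM_NAME
  # User 100 asks for user 200's message.
  p show(100, { id: "2" }, scoped: false)  # leaks "bob's private note"
  p show(100, { id: "2" }, scoped: true)   # nil: treated as not found
end
```

Scoping through the association is preferable to fetching the row and then comparing `owner_id` afterwards, because the ownership check cannot be forgotten on a new action and the response is the same 404 whether the id is unknown or belongs to another user.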