Suggest 'strict-origin' Referrer-Policy header
This commit is contained in:
parent
98e380f024
commit
f80871fe60
|
@ -431,7 +431,7 @@ module ActionController #:nodoc:
|
|||
The browser returned a 'null' origin for a request with origin-based forgery protection turned on. This usually
|
||||
means you have the 'no-referrer' Referrer-Policy header enabled, or that the request came from a site that
|
||||
refused to give its origin. This makes it impossible for Rails to verify the source of the requests. Likely the
|
||||
best solution is to change your referrer policy to something less strict like same-origin or strict-same-origin.
|
||||
best solution is to change your referrer policy to something less strict like same-origin or strict-origin.
|
||||
If you cannot change the referrer policy, you can disable origin checking with the
|
||||
Rails.application.config.action_controller.forgery_protection_origin_check setting.
|
||||
MSG
|
||||
|
|
Loading…
Reference in New Issue