Merge pull request #1375 from alphagov/sengi/csrf

Fix CWE-352 CSRF protection weakness.
alphagov · Jan 25, 2024 · d21e41d · d21e41d
2 parents de57050 + 1e65fb7
commit d21e41d
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -3,7 +3,7 @@ class ApplicationController < ActionController::Base
 
   before_action :authenticate_user!
 
-  protect_from_forgery
+  protect_from_forgery with: :exception
 
   def error_400
     error 400