Configuration: Security
Security configuration options are defined in the application under the security
namespace.
Cross-Site Request Forgery
Pakyow provides the following environment config options for cross-site request forgery:
security.csrf.origin_whitelist
: Requests from this list of origins are always allowed. Default:[]
security.csrf.allow_empty_referrer
: Iftrue
, requests without a referrer header are allowed. Default:true
security.csrf.param
: Name of the request param that contains the authenticity token. Default::authenticity_token
Example Usage
Security config lives in config/application.rb
:
Pakyow.app do
configure do
config.security.option = :value
end
end