From: Tom Hughes <tom@compton.nu>
Date: Tue, 1 Mar 2022 18:39:08 +0000 (+0000)
Subject: Enable open redirect protection
X-Git-Tag: live~1769
X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/304eb3b75c6605a11b5a43dea3ebae490670967b?ds=inline

Enable open redirect protection
---

diff --git a/config/initializers/new_framework_defaults_7_0.rb b/config/initializers/new_framework_defaults_7_0.rb
index a5edd72ff..e41b6c7d1 100644
--- a/config/initializers/new_framework_defaults_7_0.rb
+++ b/config/initializers/new_framework_defaults_7_0.rb
@@ -73,7 +73,7 @@ Rails.application.config.active_record.verify_foreign_keys_for_fixtures = true
 Rails.application.config.active_record.partial_inserts = false
 
 # Protect from open redirect attacks in `redirect_back_or_to` and `redirect_to`.
-# Rails.application.config.action_controller.raise_on_open_redirects = true
+Rails.application.config.action_controller.raise_on_open_redirects = true
 
 # Change the variant processor for Active Storage.
 # Changing this default means updating all places in your code that