Files
fizzy/test/controllers
Mike Dalessio 41675224d0 Remove redundant insecure context CSRF check
Rails now handles the insecure context case natively in
verified_via_header_only? — when Sec-Fetch-Site is missing and the
request is plain HTTP without force_ssl, the request is allowed.

Remove the now-redundant allowed_insecure_context_request? method and
update the test to set ActionDispatch::Http::URL.secure_protocol
alongside Rails.configuration.force_ssl so the upstream check works
correctly in the test environment.
2026-02-18 14:06:46 -05:00
..
2026-02-02 18:22:07 +01:00
2025-12-16 16:44:20 +01:00
2025-12-11 10:36:56 +01:00
2025-11-24 12:04:33 +01:00
2026-02-12 14:55:34 +03:00
2025-06-24 13:26:37 +02:00
2026-02-02 18:22:07 +01:00
2026-02-17 10:37:23 +03:00