Files
fizzy/app/controllers
Mike Dalessio 41675224d0 Remove redundant insecure context CSRF check
Rails now handles the insecure context case natively in
verified_via_header_only? — when Sec-Fetch-Site is missing and the
request is plain HTTP without force_ssl, the request is allowed.

Remove the now-redundant allowed_insecure_context_request? method and
update the test to set ActionDispatch::Http::URL.secure_protocol
alongside Rails.configuration.force_ssl so the upstream check works
correctly in the test environment.
2026-02-18 14:06:46 -05:00
..
2026-02-02 18:06:19 +01:00
2026-02-17 13:57:24 +01:00
2025-09-22 12:55:19 +02:00
2026-02-12 14:55:34 +03:00
2025-11-03 15:27:12 +01:00
2026-02-17 10:37:23 +03:00
2025-11-18 15:48:40 +01:00
2025-12-11 11:20:43 +00:00