Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

disable XML params, they are just used by malicious bots to determine if we have XML vuls.

This commit is contained in:
Sam 2013-09-16 12:58:26 +10:00
parent 1eb1756dcf
commit 6ca6853392
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
config/application.rb
View File

@ -129,5 +129,11 @@ module Discourse
config.after_initialize do config.after_initialize do
OpenID::Util.logger = Rails.logger OpenID::Util.logger = Rails.logger
end end
# This is not really required per-se, but we do not want to support
# XML params, we see errors in our logs about malformed XML and there
# absolutly no spot in our app were we use XML as opposed to JSON endpoints
ActionDispatch::ParamsParser::DEFAULT_PARSERS.delete(Mime::XML)
end end
end end