Commit 6ca6853

disable XML params, they are just used by malicious bots to determine if we have XML vuls.
1 parent 1eb1756 commit 6ca6853

1 file changed

Lines changed: 6 additions & 0 deletions

config/application.rb

@@ -129,5 +129,11 @@ class Application < Rails::Application
129129
config.after_initialize do
130130
OpenID::Util.logger = Rails.logger
131131
end
132+
133+
# This is not really required per-se, but we do not want to support
134+
# XML params, we see errors in our logs about malformed XML and there
135+
# absolutly no spot in our app were we use XML as opposed to JSON endpoints
136+
ActionDispatch::ParamsParser::DEFAULT_PARSERS.delete(Mime::XML)
137+
132138
end
133139
end
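
Review bot: The `ActionDispatch::ParamsParser::DEFAULT_PARSERS.delete(Mime::XML)` call on new line 136 mutates a framework constant in place and does nothing, without any error, if the `Mime::XML` entry is absent, so nothing will tell you if this line stops having an effect after a Rails upgrade. Consider adding a request test that posts a body with an XML content type and asserts that it is not parsed into `params`. The comment above the call could also state the reason given in the commit message (bots probing for XML parsing flaws) instead of "not really required per-se", and it has typos: "there absolutly no spot in our app were we use" should read "there is absolutely no spot in our app where we use".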
