disable XML params, they are just used by malicious bots to determine if we have XML vuls.

2024-11-25 09:42:07 +08:00 · 2013-09-16 12:58:26 +10:00 · 2013-09-16 12:58:26 +10:00 · 6ca6853392
commit 6ca6853392
parent 1eb1756dcf
1 changed files with 6 additions and 0 deletions
--- a/config/application.rb
+++ b/config/application.rb
@ -129,5 +129,11 @@ module Discourse
    config.after_initialize do
      OpenID::Util.logger = Rails.logger
    end
+
+    # This is not really required per-se, but we do not want to support
+    # XML params, we see errors in our logs about malformed XML and there
+    # absolutly no spot in our app were we use XML as opposed to JSON endpoints
+    ActionDispatch::ParamsParser::DEFAULT_PARSERS.delete(Mime::XML)
+
  end
 end