Avoid user enumeration with devise paranoid mode (#1527)

Yann GUERN 2017-04-11 14:21:15 +02:00 committed by Eugen
parent c9b9225951
commit a85d4473aa

@ -74,7 +74,8 @@ Devise.setup do |config|
# It will change confirmation, password recovery and other workflows # It will change confirmation, password recovery and other workflows
# to behave the same regardless if the e-mail provided was right or wrong. # to behave the same regardless if the e-mail provided was right or wrong.
# Does not affect registerable. # Does not affect registerable.
# config.paranoid = true # See : https://github.com/plataformatec/devise/wiki/How-To:-Using-paranoid-mode,-avoid-user-enumeration-on-registerable
config.paranoid = true
# By default Devise will store the user in session. You can skip storage for # By default Devise will store the user in session. You can skip storage for
# particular strategies by setting this option. # particular strategies by setting this option.
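
Review bot: The context comment directly above the new `config.paranoid = true` line states "Does not affect registerable", so after this change the sign-up path can still reveal whether an e-mail is already registered; only confirmation, password recovery and the other workflows named in that comment behave uniformly. The added "See :" line links to the wiki page on avoiding enumeration on registerable, but nothing in this hunk applies it. Either handle the registration path in the same change, or reword the new comment so it says plainly that registration is still open, for example `# Registration still discloses existing e-mails; see link for the fix`, so a later reader does not take the setting as complete coverage.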