diff --git a/CHANGELOG.md b/CHANGELOG.md index 5ab7a3d..ff74464 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,13 +1,16 @@ # Changelog -## 3.0.0 (unreleased) +## 3.0.0 + +New feature: +* Allow cookie domain to be set via `Rails.application.config` (thanks, @gingermusketeer) Updated: * Dropped support for Rails < 4 +* Dropped official support for Ruby 2.2 though it should still work Testing: * Test against more recent versions of Ruby and Rails -* Dropped official support for Ruby 2.2 though it should still work ## 2.1.1 diff --git a/README.md b/README.md index f7df482..18ee333 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,22 @@ And then execute: That's it! -## Exclusions +## Configuration +### Cookie Domain + +Starting from version 3, you may set domain for the XSRF cookie: + +```ruby +# application.rb +class Application < Rails::Application + #... + config.angular_rails_csrf_domain = :all +end +``` + +If `angular_rails_csrf_domain` is not set, it defaults to `nil`. + +### Exclusions Sometimes you will want to skip setting the XSRF token for certain controllers (for example, when using SSE or ActionCable, as discussed [here](https://github.com/jsanders/angular_rails_csrf/issues/7)):