From e8da858e0e71b895bc7edab0a02604cfbe244b3c Mon Sep 17 00:00:00 2001
From: Tom Copeland
Date: Fri, 21 Jul 2017 09:15:06 -0400
Subject: [PATCH] Comment out csrf_meta_tags

Per https://github.com/OWASP/railsgoat/wiki/R4-A8-CSRF this line should be commented out for the developer to fix (by uncommenting it).
---
 app/views/layouts/application.html.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index 5baa362..960c521 100755
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -4,7 +4,7 @@
 RailsGoat
 <%= stylesheet_link_tag "application", media: "all", "data-turbolinks-track" => true %>
 <%= javascript_include_tag "application", "data-turbolinks-track" => true %>
- <%= csrf_meta_tags %>
+ <%#= csrf_meta_tags %>
 <% if cookies[:font]