Sets forgery protection filter first.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6315 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent
9cebf65568
commit
130b71d121
|
@ -26,6 +26,8 @@ class ApplicationController < ActionController::Base
|
||||||
layout 'base'
|
layout 'base'
|
||||||
exempt_from_layout 'builder', 'rsb'
|
exempt_from_layout 'builder', 'rsb'
|
||||||
|
|
||||||
|
protect_from_forgery
|
||||||
|
|
||||||
# Remove broken cookie after upgrade from 0.8.x (#4292)
|
# Remove broken cookie after upgrade from 0.8.x (#4292)
|
||||||
# See https://rails.lighthouseapp.com/projects/8994/tickets/3360
|
# See https://rails.lighthouseapp.com/projects/8994/tickets/3360
|
||||||
# TODO: remove it when Rails is fixed
|
# TODO: remove it when Rails is fixed
|
||||||
|
@ -40,7 +42,6 @@ class ApplicationController < ActionController::Base
|
||||||
|
|
||||||
before_filter :user_setup, :check_if_login_required, :set_localization
|
before_filter :user_setup, :check_if_login_required, :set_localization
|
||||||
filter_parameter_logging :password
|
filter_parameter_logging :password
|
||||||
protect_from_forgery
|
|
||||||
|
|
||||||
rescue_from ActionController::InvalidAuthenticityToken, :with => :invalid_authenticity_token
|
rescue_from ActionController::InvalidAuthenticityToken, :with => :invalid_authenticity_token
|
||||||
rescue_from ::Unauthorized, :with => :deny_access
|
rescue_from ::Unauthorized, :with => :deny_access
|
||||||
|
|
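Review bot: The relocated `protect_from_forgery` (now right after `exempt_from_layout 'builder', 'rsb'`) carries no comment saying that its position matters. Rails runs before-filters in declaration order, so the authenticity-token check now precedes `user_setup`, `check_if_login_required` and `set_localization`. A later reorder, or a `before_filter` added above it, would silently put user and session setup ahead of the CSRF check again. I would add above it something like `# Keep first: the authenticity token must be verified before user_setup or any other filter reads the session.` The class body continues outside both hunks, and the code under the "Remove broken cookie" comment is not visible, so whether that cleanup is meant to run after the token check should be confirmed against the full file.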