Sets forgery protection filter first.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6315 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
parent
9cebf65568
commit
130b71d121
|
@ -26,6 +26,8 @@ class ApplicationController < ActionController::Base
|
|||
layout 'base'
|
||||
exempt_from_layout 'builder', 'rsb'
|
||||
|
||||
protect_from_forgery
|
||||
|
||||
# Remove broken cookie after upgrade from 0.8.x (#4292)
|
||||
# See https://rails.lighthouseapp.com/projects/8994/tickets/3360
|
||||
# TODO: remove it when Rails is fixed
|
||||
|
@ -40,7 +42,6 @@ class ApplicationController < ActionController::Base
|
|||
|
||||
before_filter :user_setup, :check_if_login_required, :set_localization
|
||||
filter_parameter_logging :password
|
||||
protect_from_forgery
|
||||
|
||||
rescue_from ActionController::InvalidAuthenticityToken, :with => :invalid_authenticity_token
|
||||
rescue_from ::Unauthorized, :with => :deny_access
|
||||
|
|
Loading…
Reference in New Issue