Remove unused code

Since Rails 2.3.11, protect_from_forgery exclusively calls handle_unverified_request which defaults to resetting the session. The old code to handle an invalid CSRF token is not used anymore and is thus removed to un-confuse people.
2012-03-05 12:50:44 +01:00 · 2012-03-05 12:50:44 +01:00 · 724bd48494
parent 900eda7a23
commit 724bd48494
1 changed files with 0 additions and 8 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -64,7 +64,6 @@ class ApplicationController < ActionController::Base
  before_filter :user_setup, :check_if_login_required, :set_localization
  filter_parameter_logging :password

-  rescue_from ActionController::InvalidAuthenticityToken, :with => :invalid_authenticity_token
  # FIXME: This doesn't work with Rails >= 3.0 anymore
  # Possible workaround: https://github.com/rails/rails/issues/671#issuecomment-1780159
  rescue_from ActionController::RoutingError, :with => proc{render_404}
@ -336,13 +335,6 @@ class ApplicationController < ActionController::Base
    request.xhr? ? false : 'base'
  end

-  def invalid_authenticity_token
-    if api_request?
-      logger.error "Form authenticity token is missing or is invalid. API calls must include a proper Content-type header (text/xml or text/json)."
-    end
-    render_error "Invalid form authenticity token."
-  end
-
  def render_feed(items, options={})
    @items = items || []
    @items.sort! {|x,y| y.event_datetime <=> x.event_datetime }