move protect_from_forgery to the beginning of the before_filter chain as per the recommended rails practices
This commit is contained in:
parent
531653596d
commit
d7a9adf880
|
@ -24,6 +24,12 @@ class ApplicationController < ActionController::Base
|
||||||
layout 'base'
|
layout 'base'
|
||||||
exempt_from_layout 'builder', 'rsb'
|
exempt_from_layout 'builder', 'rsb'
|
||||||
|
|
||||||
|
protect_from_forgery
|
||||||
|
def handle_unverified_request
|
||||||
|
super
|
||||||
|
cookies.delete(:autologin)
|
||||||
|
end
|
||||||
|
|
||||||
# Remove broken cookie after upgrade from 0.8.x (#4292)
|
# Remove broken cookie after upgrade from 0.8.x (#4292)
|
||||||
# See https://rails.lighthouseapp.com/projects/8994/tickets/3360
|
# See https://rails.lighthouseapp.com/projects/8994/tickets/3360
|
||||||
# TODO: remove it when Rails is fixed
|
# TODO: remove it when Rails is fixed
|
||||||
|
@ -38,7 +44,6 @@ class ApplicationController < ActionController::Base
|
||||||
|
|
||||||
before_filter :user_setup, :check_if_login_required, :set_localization
|
before_filter :user_setup, :check_if_login_required, :set_localization
|
||||||
filter_parameter_logging :password
|
filter_parameter_logging :password
|
||||||
protect_from_forgery
|
|
||||||
|
|
||||||
rescue_from ActionController::InvalidAuthenticityToken, :with => :invalid_authenticity_token
|
rescue_from ActionController::InvalidAuthenticityToken, :with => :invalid_authenticity_token
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue