move protect_from_forgery to the beginning of the before_filter chain as per the…

move protect_from_forgery to the beginning of the before_filter chain as per the recommended rails practices Merged from master d7a9adf8 Conflicts: app/controllers/application_controller.rb

move protect_from_forgery to the beginning of the before_filter chain as per the…
move protect_from_forgery to the beginning of the before_filter chain as per the recommended rails practices Merged from master d7a9adf8 Conflicts: app/controllers/application_controller.rb
3700bb66 · Holger Just · Eric Davis · c8a6f804 · 3700bb66
Commit 3700bb66 authored Jul 29, 2011 by Holger Just Committed by Eric Davis Jul 29, 2011
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 3 deletions

application_controller.rb app/controllers/application_controller.rb +8 -3

No files found.
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -26,7 +26,13 @@ class ApplicationController < ActionController::Base

  layout 'base'
  exempt_from_layout 'builder', 'rsb'
-  
+
+  protect_from_forgery
+  def handle_unverified_request
+    super
+    cookies.delete(:autologin)
+  end
+
  # Remove broken cookie after upgrade from 0.8.x (#4292)
  # See https://rails.lighthouseapp.com/projects/8994/tickets/3360
  # TODO: remove it when Rails is fixed
@@ -41,8 +47,7 @@ class ApplicationController < ActionController::Base
  
  before_filter :user_setup, :check_if_login_required, :set_localization
  filter_parameter_logging :password
-  protect_from_forgery
-  
+
  rescue_from ActionController::InvalidAuthenticityToken, :with => :invalid_authenticity_token
  
  include Redmine::Search::Controller