move protect_from_forgery to the beginning of the before_filter chain as per the…

move protect_from_forgery to the beginning of the before_filter chain as per the recommended rails practices

move protect_from_forgery to the beginning of the before_filter chain as per the…
move protect_from_forgery to the beginning of the before_filter chain as per the recommended rails practices
d7a9adf8 · Holger Just · 53165359 · d7a9adf8
Commit d7a9adf8 authored Jul 29, 2011 by Holger Just
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 1 deletion

application_controller.rb app/controllers/application_controller.rb +6 -1

No files found.
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -24,6 +24,12 @@ class ApplicationController < ActionController::Base
  layout 'base'
  exempt_from_layout 'builder', 'rsb'

+  protect_from_forgery
+  def handle_unverified_request
+    super
+    cookies.delete(:autologin)
+  end
+
  # Remove broken cookie after upgrade from 0.8.x (#4292)
  # See https://rails.lighthouseapp.com/projects/8994/tickets/3360
  # TODO: remove it when Rails is fixed
@@ -38,7 +44,6 @@ class ApplicationController < ActionController::Base

  before_filter :user_setup, :check_if_login_required, :set_localization
  filter_parameter_logging :password
-  protect_from_forgery

  rescue_from ActionController::InvalidAuthenticityToken, :with => :invalid_authenticity_token