From 58157beb01569493ce299f549c8adb5a24a313cd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javi=20Mart=C3=ADn?=
Date: Sun, 10 Nov 2019 19:19:42 +0100
Subject: [PATCH] Add CSRF protection to management controllers
---
 app/controllers/management/base_controller.rb | 1 +
 app/controllers/management/sessions_controller.rb | 1 +
 2 files changed, 2 insertions(+)
diff --git a/app/controllers/management/base_controller.rb b/app/controllers/management/base_controller.rb
index a5a6ed593..6d4070e09 100644
--- a/app/controllers/management/base_controller.rb
+++ b/app/controllers/management/base_controller.rb
@@ -2,6 +2,7 @@ class Management::BaseController < ActionController::Base
 include GlobalizeFallbacks
 layout "management"
 default_form_builder ConsulFormBuilder
+ protect_from_forgery with: :exception
 before_action :verify_manager
 before_action :set_locale
diff --git a/app/controllers/management/sessions_controller.rb b/app/controllers/management/sessions_controller.rb
index 84d9d1265..d2fdfe3eb 100644
--- a/app/controllers/management/sessions_controller.rb
+++ b/app/controllers/management/sessions_controller.rb
@@ -4,6 +4,7 @@ class Management::SessionsController < ActionController::Base
 include GlobalizeFallbacks
 include AccessDeniedHandler
 default_form_builder ConsulFormBuilder
+ protect_from_forgery with: :exception
 def create
 destroy_session
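Review bot: Nothing in this patch exercises the new `protect_from_forgery with: :exception` line in `Management::BaseController`, and a stock Rails test environment sets `config.action_controller.allow_forgery_protection = false`, so a later removal of the line would probably go unnoticed by the suite. A request spec that turns forgery protection on for one example and asserts that a POST without a token to a management action is rejected would pin the behaviour. The same declaration is repeated in `Management::SessionsController` in the next hunk; because both classes inherit directly from `ActionController::Base`, setting `config.action_controller.default_protect_from_forgery = true` (if the app's Rails version supports it) would also cover any controller added on that base later. The class body continues outside the hunk.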
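Review bot: If `create` in `Management::SessionsController` is routed as a GET request, the added `protect_from_forgery with: :exception` does not cover it, because Rails verifies the authenticity token only on non-GET, non-HEAD requests; the routes are not visible in this patch, so this needs confirming. `create` calls `destroy_session`, so it changes session state, and a state-changing sign-in endpoint reachable by GET would stay outside CSRF verification regardless of this declaration. A comment above the new line such as `# Only non-GET requests are verified; keep state-changing routes off GET.` would record the limitation for the next maintainer. The body of `create` continues outside the hunk.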