From c63c06b7ec10fb1844f9ccf3f47dec55dc288e88 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juanjo=20Baz=C3=A1n?= <jjbazan@gmail.com>
Date: Wed, 14 Sep 2016 13:13:23 +0200
Subject: [PATCH] protect_from_forgery is not prepended by default so it has to
 appear before devise's auth methods

---
 app/controllers/application_controller.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 38ce20f34..d22ec7269 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -4,6 +4,8 @@ class ApplicationController < ActionController::Base
   include HasFilters
   include HasOrders
 
+  protect_from_forgery with: :exception
+
   before_action :authenticate_http_basic, if: :http_basic_auth_site?
 
   before_action :ensure_signup_complete
@@ -15,8 +17,6 @@ class ApplicationController < ActionController::Base
   check_authorization unless: :devise_controller?
   self.responder = ApplicationResponder
 
-  protect_from_forgery with: :exception
-
   rescue_from CanCan::AccessDenied do |exception|
     respond_to do |format|
       format.html { redirect_to main_app.root_url, alert: exception.message }