consul/nairobi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

protect_from_forgery is not prepended by default

Browse Source 
so it has to appear before devise's auth methods
This commit is contained in:
Juanjo Bazán
2016-09-14 13:13:23 +02:00
committed by Javi Martín
parent b230cd29ab
commit c63c06b7ec
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/controllers/application_controller.rb
View File

@@ -4,6 +4,8 @@ class ApplicationController < ActionController::Base
include HasFilters include HasFilters
include HasOrders include HasOrders
protect_from_forgery with: :exception
before_action :authenticate_http_basic, if: :http_basic_auth_site? before_action :authenticate_http_basic, if: :http_basic_auth_site?
before_action :ensure_signup_complete before_action :ensure_signup_complete
@@ -15,8 +17,6 @@ class ApplicationController < ActionController::Base
check_authorization unless: :devise_controller? check_authorization unless: :devise_controller?
self.responder = ApplicationResponder self.responder = ApplicationResponder
protect_from_forgery with: :exception
rescue_from CanCan::AccessDenied do |exception| rescue_from CanCan::AccessDenied do |exception|
respond_to do |format| respond_to do |format|
format.html { redirect_to main_app.root_url, alert: exception.message } format.html { redirect_to main_app.root_url, alert: exception.message }