authorMarius Balteanu <marius.balteanu@zitec.com>2022-01-22 08:43:42 +0000
committerMarius Balteanu <marius.balteanu@zitec.com>2022-01-22 08:43:42 +0000
commit9cda1638bda7800b6f0f67d621ab04e1dbb7388a (patch)
tree32b1ee455f3d8e23d3f6d28e376a87b3aab7fce1 /app/controllers/application_controller.rb
parentff2752f7362366bde3918bc733bb6f08e7b24cce (diff)
Set default protect from forgery true (#36317).
Patch by Takashi Kato. git-svn-id: http://svn.redmine.org/redmine/trunk@21379 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/controllers/application_controller.rb')
-rw-r--r--app/controllers/application_controller.rb17
1 files changed, 10 insertions, 7 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 2dc99a01f..8878026f3 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -38,8 +38,6 @@ class ApplicationController < ActionController::Base
layout 'base'
- protect_from_forgery
-
def verify_authenticity_token
unless api_request?
super
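Review bot: After the removal of `protect_from_forgery` the controller no longer states its CSRF policy anywhere; it now relies on Rails' `config.action_controller.default_protect_from_forgery` being true, which this commit presumably sets in a file outside this diffstat. That default applies the `:exception` strategy, whereas the bare `protect_from_forgery` call being removed used `:null_session`, so `verify_authenticity_token` and `handle_unverified_request` now see a raise rather than a silently emptied session — a reader of this file cannot tell that from the code alone. I would leave a comment where the macro used to be, e.g. `# CSRF protection is enabled application-wide via config.action_controller.default_protect_from_forgery (strategy :exception); see handle_unverified_request below.`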
@@ -48,11 +46,16 @@ class ApplicationController < ActionController::Base
def handle_unverified_request
unless api_request?
- super
- cookies.delete(autologin_cookie_name)
- self.logged_user = nil
- set_localization
- render_error :status => 422, :message => l(:error_invalid_authenticity_token)
+ begin
+ super
+ rescue ActionController::InvalidAuthenticityToken => e
+ logger.error("ActionController::InvalidAuthenticityToken: #{e.message}") if logger
+ ensure
+ cookies.delete(autologin_cookie_name)
+ self.logged_user = nil
+ set_localization
+ render_error :status => 422, :message => l(:error_invalid_authenticity_token)
+ end
end
end
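Review bot: The `ensure` branch renders the 422 page even when `super` raises something other than `ActionController::InvalidAuthenticityToken`; that exception keeps propagating after `render_error` has already written a response, so the client likely gets a 500 (or a later handler trips over the already-rendered response) instead of the intended 422. Keeping `cookies.delete(autologin_cookie_name)`, `self.logged_user = nil` and `set_localization` in `ensure` is right, since the session must be dropped on every path, but the render belongs on the normal flow: remove `render_error ...` from the `ensure` block and place `render_error :status => 422, :message => l(:error_invalid_authenticity_token)` directly after the `begin ... end` block, still inside the `unless api_request?`. That keeps the 422 for both the rescued token failure and the no-raise case while letting unexpected errors surface as they did before.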