author | Marius Balteanu <marius.balteanu@zitec.com> | 2022-01-22 08:43:42 +0000 |
committer | Marius Balteanu <marius.balteanu@zitec.com> | 2022-01-22 08:43:42 +0000 |
commit | 9cda1638bda7800b6f0f67d621ab04e1dbb7388a (patch) | |
tree | 32b1ee455f3d8e23d3f6d28e376a87b3aab7fce1 /app | |
parent | ff2752f7362366bde3918bc733bb6f08e7b24cce (diff) | |
download | redmine-9cda1638bda7800b6f0f67d621ab04e1dbb7388a.tar.gz redmine-9cda1638bda7800b6f0f67d621ab04e1dbb7388a.zip |
Set default protect from forgery true (#36317).
Patch by Takashi Kato.
git-svn-id: http://svn.redmine.org/redmine/trunk@21379 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/application_controller.rb | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 2dc99a01f..8878026f3 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -38,8 +38,6 @@ class ApplicationController < ActionController::Base
 layout 'base'
- protect_from_forgery
-
 def verify_authenticity_token
 unless api_request?
 super
@@ -48,11 +46,16 @@ class ApplicationController < ActionController::Base
 def handle_unverified_request
 unless api_request?
- super
- cookies.delete(autologin_cookie_name)
- self.logged_user = nil
- set_localization
- render_error :status => 422, :message => l(:error_invalid_authenticity_token)
+ begin
+ super
+ rescue ActionController::InvalidAuthenticityToken => e
+ logger.error("ActionController::InvalidAuthenticityToken: #{e.message}") if logger
+ ensure
+ cookies.delete(autologin_cookie_name)
+ self.logged_user = nil
+ set_localization
+ render_error :status => 422, :message => l(:error_invalid_authenticity_token)
+ end
 end
 end |
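Review bot: In the second hunk the cookie/session cleanup and `render_error` sit in an `ensure`, so they also run when `super` raises anything other than `ActionController::InvalidAuthenticityToken`; a 422 body is then rendered and the original exception still propagates, which in Rails typically surfaces as a double-render failure rather than the intended error page. Moving those four lines after the `begin … rescue … end` (close the rescue with `end` instead of `ensure`, and drop the extra `+ end`) keeps the same behaviour for both a raising and a non-raising forgery-protection strategy while leaving unexpected errors to the normal handler. A short comment above the `begin` would help the next reader, e.g. `# With the :exception strategy super raises InvalidAuthenticityToken; rescue it so the 422 page below is rendered instead of a 500, but still run the cleanup when the strategy does not raise.` Removing `protect_from_forgery` from the first hunk presumably relies on the application-level default being enabled in a file outside this 'app'-limited diffstat; worth confirming that change landed in the same commit, since otherwise this controller would silently lose CSRF protection.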