Diffstat (limited to 'app/controllers/application_controller.rb')
-rw-r--r-- | app/controllers/application_controller.rb | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index fa97b179c..228be479e 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -33,13 +33,19 @@ class ApplicationController < ActionController::Base
 layout 'base'
 protect_from_forgery
+
+ def verify_authenticity_token
+ unless api_request?
+ super
+ end
+ end
+
 def handle_unverified_request
- super
- cookies.delete(autologin_cookie_name)
- if api_request?
- logger.error "API calls must include a proper Content-type header (application/xml or application/json)."
+ unless api_request?
+ super
+ cookies.delete(autologin_cookie_name)
+ render_error :status => 422, :message => "Invalid form authenticity token."
 end
- render_error :status => 422, :message => "Invalid form authenticity token."
 end
 before_filter :session_expiration, :user_setup, :check_if_login_required, :check_password_change, :set_localization |
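Review bot: The new `verify_authenticity_token` override skips the forgery check for every request where `api_request?` is true, so CSRF protection for those requests now rests entirely on that predicate, whose definition is outside this hunk. If the predicate can be satisfied by something a cross-site browser form controls while the action still accepts the session cookie, a state-changing request would pass without a token. I would state the invariant above the method, e.g. `# API requests skip the CSRF check, so they must authenticate with explicit API credentials, never with the session cookie`, and confirm that the user lookup enforces it. With the check skipped up front, the `unless api_request?` guard in `handle_unverified_request` looks unreachable for API calls, and if it is ever reached it fails silently; a `logger.warn` in that branch would keep the trace that the removed `logger.error` provided.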