CSRF protection should rescue exception not extend

I think the changes to the default behaviour mean that rails will throw an exception when an invalid authenticity token is found.  The previous proposed code of calling super then sign_out meant that sign_out was never reached - the exception handler never returned.

I think the best approach now is to catch the exception, although I'm not 100% certain on that.

0 files changed, 0 insertions, 0 deletions