| author | PaulL1 <PaulL1@users.noreply.github.com> | 2014-04-17 14:04:40 +0200 | 
|---|---|---|
| committer | PaulL1 <PaulL1@users.noreply.github.com> | 2014-04-17 14:04:40 +0200 | 
| commit | 92fd44b35df65556c8baad565421fd8fd44ee509 (patch) | |
| tree | 1eb28af58704e815231865441feeb45d3438466d /actionpack/lib/action_controller/base.rb | |
| parent | 542457b5d2f56baafd60a0e46f1bfb9eb481e61b (diff) | |
CSRF protection should rescue exception not extend
I think the changes to the default behaviour mean that Rails will throw an exception when an invalid authenticity token is found. The previously proposed code of calling super then sign_out meant that sign_out was never reached - the exception handler never returned.
I think the best approach now is to catch the exception, although I'm not 100% certain on that.
Diffstat (limited to 'actionpack/lib/action_controller/base.rb')
0 files changed, 0 insertions, 0 deletions
