Warn if we cannot verify CSRF token authenticity

author: José Valim <jose.valim@gmail.com> 2011-05-09 17:23:41 +0200
committer: José Valim <jose.valim@gmail.com> 2011-05-09 17:23:41 +0200
commit: 59705deeaf3861caff1016e59da47708870f33ba (patch)
tree: f2d6277b6a82395e2e10c55b83036a26018a623d /actionpack/lib/action_controller/metal/request_forgery_protection.rb
parent: 2750f2ee00771109b2b254c8d03c5669d9f5bd59 (diff)
download: rails-59705deeaf3861caff1016e59da47708870f33ba.tar.gz
rails-59705deeaf3861caff1016e59da47708870f33ba.tar.bz2
rails-59705deeaf3861caff1016e59da47708870f33ba.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index 1cd93a188c..13044a7450 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -73,7 +73,10 @@ module ActionController #:nodoc:
     protected
       # The actual before_filter that is used.  Modify this to change how you handle unverified requests.
       def verify_authenticity_token
-        verified_request? || handle_unverified_request
+        unless verified_request?
+          logger.debug "WARNING: Can't verify CSRF token authenticity" if logger
+          handle_unverified_request
+        end
       end
 
       def handle_unverified_request
author	José Valim <jose.valim@gmail.com>	2011-05-09 17:23:41 +0200
committer	José Valim <jose.valim@gmail.com>	2011-05-09 17:23:41 +0200
commit	59705deeaf3861caff1016e59da47708870f33ba (patch)
tree	f2d6277b6a82395e2e10c55b83036a26018a623d /actionpack/lib/action_controller/metal/request_forgery_protection.rb
parent	2750f2ee00771109b2b254c8d03c5669d9f5bd59 (diff)
download	rails-59705deeaf3861caff1016e59da47708870f33ba.tar.gz rails-59705deeaf3861caff1016e59da47708870f33ba.tar.bz2 rails-59705deeaf3861caff1016e59da47708870f33ba.zip