Prepend the CSRF filter to make it much more difficult to execute application code before it fires.

author: Michael Koziarski <michael@koziarski.com> 2011-02-23 08:59:13 +1300
committer: Michael Koziarski <michael@koziarski.com> 2011-02-23 09:00:41 +1300
commit: 3d907a68d91acbd7723cdc793e5f74d2f22fb519 (patch)
tree: 022091e6fbc1932d2cf52151cba2ba38a2f147da /actionpack/lib/action_controller/metal
parent: 2cce44fa7c2b5363ab847f01875c6f1b00463b01 (diff)
download: rails-3d907a68d91acbd7723cdc793e5f74d2f22fb519.tar.gz
rails-3d907a68d91acbd7723cdc793e5f74d2f22fb519.tar.bz2
rails-3d907a68d91acbd7723cdc793e5f74d2f22fb519.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index b89e03bfb6..1cd93a188c 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -66,7 +66,7 @@ module ActionController #:nodoc:
       # * <tt>:only/:except</tt> - Passed to the <tt>before_filter</tt> call.  Set which actions are verified.
       def protect_from_forgery(options = {})
         self.request_forgery_protection_token ||= :authenticity_token
-        before_filter :verify_authenticity_token, options
+        prepend_before_filter :verify_authenticity_token, options
       end
     end
author	Michael Koziarski <michael@koziarski.com>	2011-02-23 08:59:13 +1300
committer	Michael Koziarski <michael@koziarski.com>	2011-02-23 09:00:41 +1300
commit	3d907a68d91acbd7723cdc793e5f74d2f22fb519 (patch)
tree	022091e6fbc1932d2cf52151cba2ba38a2f147da /actionpack/lib/action_controller/metal
parent	2cce44fa7c2b5363ab847f01875c6f1b00463b01 (diff)
download	rails-3d907a68d91acbd7723cdc793e5f74d2f22fb519.tar.gz rails-3d907a68d91acbd7723cdc793e5f74d2f22fb519.tar.bz2 rails-3d907a68d91acbd7723cdc793e5f74d2f22fb519.zip