From 3d907a68d91acbd7723cdc793e5f74d2f22fb519 Mon Sep 17 00:00:00 2001
From: Michael Koziarski
Date: Wed, 23 Feb 2011 08:59:13 +1300
Subject: Prepend the CSRF filter to make it much more difficult to execute application code before it fires.
---
 actionpack/lib/action_controller/metal/request_forgery_protection.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'actionpack/lib/action_controller/metal')
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index b89e03bfb6..1cd93a188c 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -66,7 +66,7 @@ module ActionController #:nodoc:
 # * :only/:except - Passed to the before_filter call. Set which actions are verified.
 def protect_from_forgery(options = {})
 self.request_forgery_protection_token ||= :authenticity_token
- before_filter :verify_authenticity_token, options
+ prepend_before_filter :verify_authenticity_token, options
 end
 end
-- cgit v1.2.3
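Review bot: The new `prepend_before_filter :verify_authenticity_token, options` line in `protect_from_forgery` only puts the CSRF check ahead of filters already registered when the macro runs; a controller or subclass that later calls `prepend_before_filter` itself would still run its filter before verification, and the doc comment above the method does not mention ordering at all. I would add a line to that comment such as `# The verification filter is prepended to the chain; filters added later with prepend_before_filter still run before it.` so application authors know the guarantee is about declaration order, not absolute. The diffstat shows a single file changed, so nothing pins the new ordering; a test asserting that an earlier-declared `before_filter` does not execute on a request with an invalid token would guard against a silent revert. The enclosing module and class-methods block start and end outside the hunk.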