From 73b944eca721be750e1263c15d221f153d1396d0 Mon Sep 17 00:00:00 2001
From: Lisa Ugray <lisa.ugray@shopify.com>
Date: Mon, 10 Jul 2017 15:44:12 -0400
Subject: Add ActionController::Base.skip_forgery_protection

Since we now default to `protect_from_forgery with: :exception`,
provide a wrapper to `skip_before_action :verify_authenticity_token`
for disabling forgery protection.
---
 .../lib/action_controller/metal/request_forgery_protection.rb    | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'actionpack/lib/action_controller')

diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index 117dee2219..027dae60fa 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -132,6 +132,15 @@ module ActionController #:nodoc:
         append_after_action :verify_same_origin_request
       end
 
+      # Turn off request forgery protection. This is a wrapper for:
+      #
+      #   skip_before_action :verify_authenticity_token
+      #
+      # See +skip_before_action+ for allowed options.
+      def skip_forgery_protection(options = {})
+        skip_before_action :verify_authenticity_token, options
+      end
+
       private
 
         def protection_method_class(name)
-- 
cgit v1.2.3