From 59705deeaf3861caff1016e59da47708870f33ba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Valim?= <jose.valim@gmail.com>
Date: Mon, 9 May 2011 17:23:41 +0200
Subject: Warn if we cannot verify CSRF token authenticity

---
 actionpack/lib/action_controller/metal/request_forgery_protection.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'actionpack/lib')

diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index 1cd93a188c..13044a7450 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -73,7 +73,10 @@ module ActionController #:nodoc:
     protected
       # The actual before_filter that is used.  Modify this to change how you handle unverified requests.
       def verify_authenticity_token
-        verified_request? || handle_unverified_request
+        unless verified_request?
+          logger.debug "WARNING: Can't verify CSRF token authenticity" if logger
+          handle_unverified_request
+        end
       end
 
       def handle_unverified_request
-- 
cgit v1.2.3