authorLouise Crow <louise.crow@gmail.com>2015-04-10 12:14:41 +0100
committerLouise Crow <louise.crow@gmail.com>2015-04-10 12:14:41 +0100
commite359ef487c980ec881e26a8df1c4b630238c1755 (patch)
treeb810b4684d224b64b1464337094f5258255a604b /app/controllers/application_controller.rb
parent667429970d935cb05d6926e94ab96b16ea5a8138 (diff)
parent6cfa3e2e81cd7cbd7a2709f37c7fa703a41af2d5 (diff)
Merge branch 'hotfix/0.21.0.14' into rails-3-develop
Diffstat (limited to 'app/controllers/application_controller.rb')
-rw-r--r--app/controllers/application_controller.rb13
1 files changed, 12 insertions, 1 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index dbd879a1c..044f8e10f 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -14,7 +14,8 @@ class ApplicationController < ActionController::Base
end
class RouteNotFound < StandardError
end
- protect_from_forgery
+ protect_from_forgery :if => :user?
+ skip_before_filter :verify_authenticity_token, :unless => :user?
# assign our own handler method for non-local exceptions
rescue_from Exception, :with => :render_exception
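Review bot: The `:if => :user?` added to protect_from_forgery (and the matching skip_before_filter line under it) disables the CSRF check for every request that has no session user, so any state-changing action reachable without being logged in — presumably including the login POST itself — can now be triggered cross-site, and the commit adds no compensating check on those routes. The motive is not stated in the hunk (it looks like an attempt to keep anonymous responses free of session state, possibly for caching — confirm), and the form_authenticity_token override in the next hunk returns nil for anonymous users, so a form rendered before login and submitted after it will fail verification; both facts belong in a comment where the filter is declared, e.g. `# CSRF verification runs only for requests with a session user; anonymous actions must therefore tolerate cross-site requests, and forms rendered anonymously carry no token.` The skip_before_filter line appears redundant with the :if option on the line above it; if it is needed for a filter registered elsewhere, that comment should say so. The enclosing ApplicationController class starts and ends outside the hunk.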
@@ -247,6 +248,16 @@ class ApplicationController < ActionController::Base
private
+ def user?
+ !session[:user_id].nil?
+ end
+
+ def form_authenticity_token
+ if user?
+ session[:_csrf_token] ||= SecureRandom.base64(32)
+ end
+ end
+
# Check the user is logged in
def authenticated?(reason_params)
unless session[:user_id]