Add CSRF protection on state changing actions. Use default handler handle_unverified_request which clears session.

author: Louise Crow <louise.crow@gmail.com> 2011-02-28 13:21:32 +0000
committer: Louise Crow <louise.crow@gmail.com> 2011-02-28 13:21:32 +0000
commit: 4cc2cf2a6d935adfd263ea4fd7791a6d84f704da (patch)
tree: 9733899634a7d71c625c40ae8ae60a559f4d7767 /app/controllers/comment_controller.rb
parent: fe8e25164126b2c792b5b6a59c72b31b26bce64d (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/app/controllers/comment_controller.rb b/app/controllers/comment_controller.rb
index d5f8f89fb..4a0661f34 100644
--- a/app/controllers/comment_controller.rb
+++ b/app/controllers/comment_controller.rb
@@ -8,6 +8,7 @@
 
 class CommentController < ApplicationController
     before_filter :check_read_only, :only => [ :new ]
+    protect_from_forgery :only => [ :new ]
     
     def new
         if params[:type] == 'request'
author	Louise Crow <louise.crow@gmail.com>	2011-02-28 13:21:32 +0000
committer	Louise Crow <louise.crow@gmail.com>	2011-02-28 13:21:32 +0000
commit	4cc2cf2a6d935adfd263ea4fd7791a6d84f704da (patch)
tree	9733899634a7d71c625c40ae8ae60a559f4d7767 /app/controllers/comment_controller.rb
parent	fe8e25164126b2c792b5b6a59c72b31b26bce64d (diff)