diff options
| author | Louise Crow <louise.crow@gmail.com> | 2011-02-28 13:21:32 +0000 |
|---|---|---|
| committer | Louise Crow <louise.crow@gmail.com> | 2011-02-28 13:21:32 +0000 |
| commit | 4cc2cf2a6d935adfd263ea4fd7791a6d84f704da (patch) | |
| tree | 9733899634a7d71c625c40ae8ae60a559f4d7767 /app/controllers/request_controller.rb | |
| parent | fe8e25164126b2c792b5b6a59c72b31b26bce64d (diff) | |
Add CSRF protection on state changing actions. Use default handler handle_unverified_request which clears session.
Diffstat (limited to 'app/controllers/request_controller.rb')
| -rw-r--r-- | app/controllers/request_controller.rb | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index 545a40cfe..36fbc2b11 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -7,7 +7,8 @@ # $Id: request_controller.rb,v 1.192 2009-10-19 19:26:40 francis Exp $ class RequestController < ApplicationController - before_filter :check_read_only, :only => [ :new, :show_response, :describe_state ] + before_filter :check_read_only, :only => [ :new, :show_response, :describe_state, :upload_response ] + protect_from_forgery :only => [ :new, :show_response, :describe_state, :upload_response ] # See ActionController::RequestForgeryProtection for details def show # Look up by old style numeric identifiers |