diff options
| author | Gareth Rees <gareth@mysociety.org> | 2014-10-02 10:17:07 +0100 |
|---|---|---|
| committer | Louise Crow <louise.crow@gmail.com> | 2014-12-18 15:16:38 +0000 |
| commit | 9ddfdfff9366793516bc09289a1da6156dfd12ca (patch) | |
| tree | b5145d7bed864b200b35972389f348370bcd4d92 /app/controllers/request_controller.rb | |
| parent | a9308e8c9d44cf7ff0f659bccc6b1235a8a81ee2 (diff) | |
Add global protect_from_forgery
Grepping the git logs didn’t bring up a good reason for this to be
excluded. Seems like it came along after the app was initially created
so it never got fully added for fear of regressions. The specs pass for this
commit.
Diffstat (limited to 'app/controllers/request_controller.rb')
| -rw-r--r-- | app/controllers/request_controller.rb | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index 9e2c291dc..43404574d 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -10,7 +10,6 @@ require 'open-uri' class RequestController < ApplicationController before_filter :check_read_only, :only => [ :new, :show_response, :describe_state, :upload_response ] - protect_from_forgery :only => [ :new, :show_response, :describe_state, :upload_response ] # See ActionController::RequestForgeryProtection for details before_filter :check_batch_requests_and_user_allowed, :only => [ :select_authorities, :new_batch ] MAX_RESULTS = 500 PER_PAGE = 25 |