-rw-r--r--app/controllers/admin_controller.rb1
-rw-r--r--app/controllers/application_controller.rb2
-rw-r--r--app/controllers/comment_controller.rb1
-rw-r--r--app/controllers/request_controller.rb1
-rw-r--r--app/controllers/track_controller.rb3
-rw-r--r--app/controllers/user_controller.rb7
6 files changed, 2 insertions, 13 deletions
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index 3bf40b8f9..7760c372b 100644
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -9,7 +9,6 @@ require 'fileutils'
class AdminController < ApplicationController
layout "admin"
before_filter :authenticate
- protect_from_forgery # See ActionController::RequestForgeryProtection for details
# action to take if expecting an authenticity token and one isn't received
def handle_unverified_request
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 4d3f40d40..445a13d0c 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -14,6 +14,8 @@ class ApplicationController < ActionController::Base
end
class RouteNotFound < StandardError
end
+ protect_from_forgery
+
# assign our own handler method for non-local exceptions
rescue_from Exception, :with => :render_exception
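Review bot: The new `protect_from_forgery` line names no failure strategy, and in the Rails generation this codebase appears to use (it still calls `before_filter`) the default `handle_unverified_request` resets the session and lets the action run with an empty session instead of aborting the request, so a token-less POST is not actually rejected. If the installed Rails supports it, state the behaviour explicitly with `protect_from_forgery :with => :exception`; otherwise override `handle_unverified_request` in this class to raise, the way the AdminController hunk shows that controller already overriding it. Centralising the filter also drops the per-action `:only` lists the subclasses carried, so every non-GET action in every controller is now checked; any endpoint that legitimately accepts token-less POSTs (external form submissions or API clients, if there are any) will need an explicit `skip_before_filter :verify_authenticity_token`, and that exception should be documented next to it. The enclosing class body starts and continues outside this hunk.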
diff --git a/app/controllers/comment_controller.rb b/app/controllers/comment_controller.rb
index 2c0037577..890e9faaa 100644
--- a/app/controllers/comment_controller.rb
+++ b/app/controllers/comment_controller.rb
@@ -10,7 +10,6 @@ class CommentController < ApplicationController
before_filter :create_track_thing, :only => [ :new ]
before_filter :reject_unless_comments_allowed, :only => [ :new ]
before_filter :reject_if_user_banned, :only => [ :new ]
- protect_from_forgery :only => [ :new ]
def new
if params[:comment]
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index 9e2c291dc..43404574d 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -10,7 +10,6 @@ require 'open-uri'
class RequestController < ApplicationController
before_filter :check_read_only, :only => [ :new, :show_response, :describe_state, :upload_response ]
- protect_from_forgery :only => [ :new, :show_response, :describe_state, :upload_response ] # See ActionController::RequestForgeryProtection for details
before_filter :check_batch_requests_and_user_allowed, :only => [ :select_authorities, :new_batch ]
MAX_RESULTS = 500
PER_PAGE = 25
diff --git a/app/controllers/track_controller.rb b/app/controllers/track_controller.rb
index 83700a55b..7018af03c 100644
--- a/app/controllers/track_controller.rb
+++ b/app/controllers/track_controller.rb
@@ -6,9 +6,6 @@
# Email: hello@mysociety.org; WWW: http://www.mysociety.org/
class TrackController < ApplicationController
-
- protect_from_forgery # See ActionController::RequestForgeryProtection for details
-
before_filter :medium_cache
# Track all updates to a particular request
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index baeaab18a..108a6e9e5 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -7,15 +7,8 @@
require 'set'
class UserController < ApplicationController
-
layout :select_layout
- protect_from_forgery :only => [ :contact,
- :set_profile_photo,
- :signchangeemail,
- :clear_profile_photo,
- :set_profile_about_me ] # See ActionController::RequestForgeryProtection for details
-
# Show page about a user
def show
long_cache