Diffstat (limited to 'app/controllers/application_controller.rb')
-rw-r--r-- | app/controllers/application_controller.rb | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index dbd879a1c..044f8e10f 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -14,7 +14,8 @@ class ApplicationController < ActionController::Base
   end
   class RouteNotFound < StandardError
   end
-  protect_from_forgery
+  protect_from_forgery :if => :user?
+  skip_before_filter :verify_authenticity_token, :unless => :user?
   # assign our own handler method for non-local exceptions
   rescue_from Exception, :with => :render_exception
@@ -247,6 +248,16 @@ class ApplicationController < ActionController::Base
   private
+  def user?
+    !session[:user_id].nil?
+  end
+
+  def form_authenticity_token
+    if user?
+      session[:_csrf_token] ||= SecureRandom.base64(32)
+    end
+  end
+
   # Check the user is logged in
   def authenticated?(reason_params)
     unless session[:user_id]
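Review bot: Conditioning the forgery check on `user?` (`protect_from_forgery :if => :user?` and the `skip_before_filter` line that follows it) leaves every state-changing action reachable without a session unverified, and that necessarily includes the action that sets `session[:user_id]` in the first place: a cross-site request can now submit the login form on a victim's behalf (login CSRF), and the same applies to any other anonymous mutating endpoint the app exposes, such as registration or password-reset requests, if present. The safer shape is to keep `protect_from_forgery` unconditional and, if the goal is to avoid storing a token for anonymous visitors, handle that in the token helper rather than by skipping the verification. The `skip_before_filter :verify_authenticity_token, :unless => :user?` line also appears redundant with the `:if => :user?` option on the line above, since `protect_from_forgery` passes its options to the filter it registers; if it is kept deliberately, a comment should say why, e.g. `# CSRF verification only applies once a user session exists (see user?)`. The class body continues outside the hunk.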
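Review bot: The new `form_authenticity_token` replaces the framework's implementation wholesale rather than delegating to it, so any change the framework later makes to how the token is generated or presented is silently lost on upgrade; the same behaviour with less coupling is the one-line body `super if user?`. As written it returns nil for anonymous visitors, which the view helpers will render as an empty token, so the method deserves a comment making that intentional and tying it to the conditional check, e.g. `# Anonymous visitors get no CSRF token; verification is skipped for them via protect_from_forgery :if => :user?`. Both new methods sit under `private`; that presumably relies on the framework calling the token helper via send, which is worth noting in the same comment so nobody "fixes" the visibility. `authenticated?` continues outside the hunk.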