From 4cc2cf2a6d935adfd263ea4fd7791a6d84f704da Mon Sep 17 00:00:00 2001
From: Louise Crow
Date: Mon, 28 Feb 2011 13:21:32 +0000
Subject: Add CSRF protection on state changing actions. Use default handler handle_unverified_request which clears session.
---
 app/controllers/comment_controller.rb | 1 +
 1 file changed, 1 insertion(+)
(limited to 'app/controllers/comment_controller.rb')
diff --git a/app/controllers/comment_controller.rb b/app/controllers/comment_controller.rb
index d5f8f89fb..4a0661f34 100644
--- a/app/controllers/comment_controller.rb
+++ b/app/controllers/comment_controller.rb
@@ -8,6 +8,7 @@ class CommentController < ApplicationController
 before_filter :check_read_only, :only => [ :new ]
+ protect_from_forgery :only => [ :new ]
 def new
 if params[:type] == 'request'
-- 
cgit v1.2.3
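Review bot: The added `protect_from_forgery :only => [ :new ]` is an allow-list, so any state-changing action added to CommentController later stays unprotected until someone extends the list; declaring `protect_from_forgery` without `:only` (ideally once in ApplicationController) and opting out with `:except` where a case is shown to be safe would make protection the default. Rails skips the token check on GET requests, so this line only helps if `new` performs its write on POST alone; the body of `new` runs past the end of the hunk, so that cannot be confirmed here. Because the default `handle_unverified_request` resets the session and then lets the action continue, the rest of `new` should also be checked to do nothing state-changing for a logged-out request. A short comment above the line, such as `# CSRF token is verified on non-GET requests only; new must not write on GET`, would record that assumption.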