This project is archived and is in readonly mode.
protect_from_forgery :except override in individual controllers isn't working in rails 3pre
Reported by bshelton229 | February 9th, 2010 @ 06:58 PM
When protect_from_forgery is defined in application_controller.rb (ApplicationController), protect_from_forgery :except => :method within individual controllers doesn't skip forgery protection for those methods as it should.
If protect_from_forgery is set in each controller explicitly, one of them containing an :except clause, the exception is honored. Seems to be that the problem is only when protect_from_forgery is defined in ApplicationController, the exceptions in individual controllers don't take.
Comments and changes to this ticket
-
José Valim February 10th, 2010 @ 06:48 AM
- State changed from “new” to “duplicate”
Duplicate of #3913.
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile »
<h2 style="font-size: 14px">Tickets have moved to Github</h2>
The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>
bshelton229
José Valim