DGNum/demarches-normaliennes
15
1
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

controllers: use default Rails settings for protecting against forgery

Browse source 
Rails uses `config.action_controller.allow_forgery_protection` to
enable or disable forgery protection globaly.

This is disabled for tests by default. So our custom config is not
required.
This commit is contained in:
Pierre de La Morinerie 2021-06-22 11:40:13 +02:00
parent 5908b8019a
commit a99a6cc49f
1 changed files with 0 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
app/controllers/application_controller.rb
View file

@ -5,9 +5,6 @@ class ApplicationController < ActionController::Base
MAINTENANCE_MESSAGE = 'Le site est actuellement en maintenance. Il sera à nouveau disponible dans un court instant.'
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception, if: -> { !Rails.env.test? }
before_action :set_current_roles
before_action :set_sentry_user
before_action :redirect_if_untrusted