controllers: use default Rails settings for protecting against forgery

Rails uses `config.action_controller.allow_forgery_protection` to
enable or disable forgery protection globaly.

This is disabled for tests by default. So our custom config is not
required.
This commit is contained in:
Pierre de La Morinerie 2021-06-22 11:40:13 +02:00
parent 5908b8019a
commit a99a6cc49f

View file

@ -5,9 +5,6 @@ class ApplicationController < ActionController::Base
MAINTENANCE_MESSAGE = 'Le site est actuellement en maintenance. Il sera à nouveau disponible dans un court instant.' MAINTENANCE_MESSAGE = 'Le site est actuellement en maintenance. Il sera à nouveau disponible dans un court instant.'
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception, if: -> { !Rails.env.test? }
before_action :set_current_roles before_action :set_current_roles
before_action :set_sentry_user before_action :set_sentry_user
before_action :redirect_if_untrusted before_action :redirect_if_untrusted