Commit 2992aac7 authored by jplang's avatar jplang

Code cleanup: unverified request no longer raises a InvalidAuthenticityToken exception.

git-svn-id: https://svn.redmine.org/redmine/trunk@12267 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent b235e508
......@@ -36,11 +36,14 @@ class ApplicationController < ActionController::Base
def handle_unverified_request
super
cookies.delete(autologin_cookie_name)
if api_request?
logger.error "API calls must include a proper Content-type header (application/xml or application/json)."
end
render_error :status => 422, :message => "Invalid form authenticity token."
end
before_filter :session_expiration, :user_setup, :check_if_login_required, :check_password_change, :set_localization
rescue_from ActionController::InvalidAuthenticityToken, :with => :invalid_authenticity_token
rescue_from ::Unauthorized, :with => :deny_access
rescue_from ::ActionView::MissingTemplate, :with => :missing_template
......@@ -450,13 +453,6 @@ class ApplicationController < ActionController::Base
request.xhr? ? false : 'base'
end
def invalid_authenticity_token
if api_request?
logger.error "Form authenticity token is missing or is invalid. API calls must include a proper Content-type header (text/xml or text/json)."
end
render_error "Invalid form authenticity token."
end
def render_feed(items, options={})
@items = items || []
@items.sort! {|x,y| y.event_datetime <=> x.event_datetime }
......
......@@ -67,4 +67,13 @@ class ApplicationTest < ActionController::IntegrationTest
get '/login.png'
assert_response 404
end
def test_invalid_token_should_call_custom_handler
ActionController::Base.allow_forgery_protection = true
post '/issues'
assert_response 422
assert_include "Invalid form authenticity token.", response.body
ensure
ActionController::Base.allow_forgery_protection = false
end
end
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment