diff options
| author | blackst0ne <blackst0ne.ru@gmail.com> | 2018-06-21 21:44:31 +1100 |
|---|---|---|
| committer | blackst0ne <blackst0ne.ru@gmail.com> | 2018-06-21 21:44:31 +1100 |
| commit | 6fef87f17fa6fde7c15668faa43b563eebc0a918 (patch) | |
| tree | d7d03db4922dba9e04df4e1fcf86660296322b84 /app/controllers/application_controller.rb | |
| parent | e40aa397700f997b320d9e6299ab3b15b75c77a8 (diff) | |
| download | gitlab-ce-6fef87f17fa6fde7c15668faa43b563eebc0a918.tar.gz | |
[Rails5] Force the `protect_from_forgery` callback run firstblackst0ne-fix-protect-from-forgery-in-application-controller
Since Rails 5.0 the `protect_from_forgery` callback doesn't run first by
default anymore. [1]
Instead it gets inserted into callbacks chain where callbacks get
called in order.
This commit forces the callback to run first.
[1]: https://github.com/rails/rails/commit/39794037817703575c35a75f1961b01b83791191
Diffstat (limited to 'app/controllers/application_controller.rb')
| -rw-r--r-- | app/controllers/application_controller.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 56312f801fb..21cc6dfdd16 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -27,7 +27,7 @@ class ApplicationController < ActionController::Base after_action :set_page_title_header, if: -> { request.format == :json } - protect_from_forgery with: :exception + protect_from_forgery with: :exception, prepend: true helper_method :can? helper_method :import_sources_enabled?, :github_import_enabled?, :gitea_import_enabled?, :github_import_configured?, :gitlab_import_enabled?, :gitlab_import_configured?, :bitbucket_import_enabled?, :bitbucket_import_configured?, :google_code_import_enabled?, :fogbugz_import_enabled?, :git_import_enabled?, :gitlab_project_import_enabled? |