diff options
Diffstat (limited to 'app/controllers/sessions_controller.rb')
| -rw-r--r-- | app/controllers/sessions_controller.rb | 8 |
1 files changed, 0 insertions, 8 deletions
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 9e743685d60..be6491d042c 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -5,14 +5,6 @@ class SessionsController < Devise::SessionsController skip_before_action :check_two_factor_requirement, only: [:destroy] - # Explicitly call protect from forgery before anything else. Otherwise the - # CSFR-token might be cleared before authentication is done. This was the case - # when LDAP was enabled and the `OmniauthCallbacksController` is loaded - # - # *Note:* `prepend: true` is the default for rails4, but this will be changed - # to `prepend: false` in rails5. - protect_from_forgery prepend: true, with: :exception - prepend_before_action :check_initial_setup, only: [:new] prepend_before_action :authenticate_with_two_factor, if: :two_factor_enabled?, only: [:create] |