Prepend the CSRF filter to make it much more difficult to execute application code before it fires.

3d907a68 · Michael Koziarski · 2cce44fa · 3d907a68
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

actionpack/lib/action_controller/metal/request_forgery_protection.rb ...lib/action_controller/metal/request_forgery_protection.rb +1 -1

未找到文件。
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -66,7 +66,7 @@ module ClassMethods
      # * <tt>:only/:except</tt> - Passed to the <tt>before_filter</tt> call.  Set which actions are verified.
      def protect_from_forgery(options = {})
        self.request_forgery_protection_token ||= :authenticity_token
-        before_filter :verify_authenticity_token, options
+        prepend_before_filter :verify_authenticity_token, options
      end
    end