jro_apps/redmine Commit - r12041:6628610ed696

Merged r12267....

Jean-Philippe Lang -

r12041:6628610ed696

parent child

Context file:

r12041:6628610ed696

app/controllers/application_controller.rb +4 -8

                def handle_unverified_request
                  super
                  cookies.delete(autologin_cookie_name)
+                 if api_request?
+                   logger.error "API calls must include a proper Content-type header (application/xml or application/json)."
+                 end
+                 render_error :status => 422, :message => "Invalid form authenticity token."
                end
                before_filter :session_expiration, :user_setup, :check_if_login_required, :check_password_change, :set_localization
-               rescue_from ActionController::InvalidAuthenticityToken, :with => :invalid_authenticity_token
                rescue_from ::Unauthorized, :with => :deny_access
                rescue_from ::ActionView::MissingTemplate, :with => :missing_template
                  request.xhr? ? false : 'base'
                end
-               def invalid_authenticity_token
-                 if api_request?
-                   logger.error "Form authenticity token is missing or is invalid. API calls must include a proper Content-type header (text/xml or text/json)."
-                 end
-                 render_error "Invalid form authenticity token."
-               end
                def render_feed(items, options={})
                  @items = items || []
                  @items.sort! {|x,y| y.event_datetime <=> x.event_datetime }

test/integration/application_test.rb +9 0

                  get '/login.png'
                  assert_response 404
                end
+               def test_invalid_token_should_call_custom_handler
+                 ActionController::Base.allow_forgery_protection = true
+                 post '/issues'
+                 assert_response 422
+                 assert_include "Invalid form authenticity token.", response.body
+               ensure
+                 ActionController::Base.allow_forgery_protection = false
+               end
              end

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages