joeytheman
bgarret
/ application_controller.rb
Created
February 21, 2012 08:31
— forked from jamesbebbington/application_controller.rb
Rack middleware and form tag patch to insert csrf tokens into cached pages
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class ApplicationController < ActionController::Base | |
| TOKEN_PLACEHOLDER = "__CROSS_SITE_REQUEST_FORGERY_PROTECTION_TOKEN__" | |
| before_filter :form_authenticity_token | |
| after_filter :inject_csrf_token | |
| private | |
| def inject_csrf_token | |
| if protect_against_forgery? && token = session['_csrf_token'] |