Ensure CSRF protection is prepended before authentication before_actions

TrestleAdmin · Apr 12, 2021 · cb95b05 · cb95b05
1 parent 021955a
commit cb95b05
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/lib/trestle/auth/controller/authentication.rb b/lib/trestle/auth/controller/authentication.rb
@@ -9,6 +9,9 @@ module Authentication
 
           prepend_before_action :require_authenticated_user
           prepend_before_action :authenticate_user
+
+          # Ensure that CSRF protection happens before authentication
+          protect_from_forgery prepend: true
         end
 
       protected