temporary workaround

crowdAI · Jun 7, 2018 · 9fec8d6 · 9fec8d6
1 parent 6d5d5a8
commit 9fec8d6
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 class ApplicationController < ActionController::Base
+  #protect_from_forgery
   #protect_from_forgery with: :exception, prepend: true
+  skip_before_action :verify_authenticity_token, raise: false
   include Pundit
   rescue_from Pundit::NotAuthorizedError, with: :not_authorized_or_login
   after_action :participant_activity

diff --git a/config/initializers/new_framework_defaults.rb b/config/initializers/new_framework_defaults.rb
@@ -14,7 +14,7 @@
 Rails.application.config.action_controller.per_form_csrf_tokens = false
 
 # Enable origin-checking CSRF mitigation. Previous versions had false.
-Rails.application.config.action_controller.forgery_protection_origin_check = false
+#Rails.application.config.action_controller.forgery_protection_origin_check = false
 
 # Make Ruby 2.4 preserve the timezone of the receiver when calling `to_time`.
 # Previous versions had false.