Allow login from non-Rails app.

The login form is often on a 3rd party system (brochure site, etc.) so we need to disable the authenticity token checking on login. It is not really needed anyway.
eric1234 · Aug 28, 2013 · ed5a188 · ed5a188
1 parent 367012b
commit ed5a188
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
@@ -2,6 +2,10 @@
 class SessionsController < ApplicationController
   PUBLIC_ACTIONS = %w(new create)
 
+  # Login form might be hosted elsewhere (brochure site). Protection
+  # not really needed for this action anyway.
+  skip_before_filter :verify_authenticity_token, only: :create
+
   # The login form
   def new
     @session = Session.new