This repository has been archived by the owner on Aug 29, 2018. It is now read-only.
BZ878754 No CSRF attack protection in console
calfonso committed Dec 3, 2012
1 parent f28e0b8 commit 1ad0d1d
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions openshift-console/app/controllers/application_controller.rb
Expand Up @@ -2,4 +2,9 @@ class ApplicationController < ActionController::Base
include Console::Rescue

protect_from_forgery

protected
def handle_unverified_request
raise Console::AccessDenied, "Request authenticity token does not match session #{session.inspect}"
end
end
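Review bot: In `handle_unverified_request`, the exception message interpolates `session.inspect`, which copies the full session contents (the authenticity token and anything else stored in the session) into a string that may reach logs or an error page, depending on how `Console::Rescue` handles `Console::AccessDenied`, which is not visible in this hunk. Suggest a fixed message such as "Request authenticity token does not match session" and, if diagnostics are needed, logging only a non-sensitive identifier. The override also replaces the framework's default handling of unverified requests without calling `super`; a short comment stating that rejecting the request outright is intended, plus a test that a state-changing request without a valid token is refused, would document that.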
