Permalink
Browse files

Prepend the CSRF filter to make it much more difficult to execute app…

…lication code before it fires.
  • Loading branch information...
1 parent 2cce44f commit 3d907a68d91acbd7723cdc793e5f74d2f22fb519 @NZKoz NZKoz committed Feb 22, 2011
Showing with 1 addition and 1 deletion.
  1. +1 −1 actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -66,7 +66,7 @@ module ClassMethods
# * <tt>:only/:except</tt> - Passed to the <tt>before_filter</tt> call. Set which actions are verified.
def protect_from_forgery(options = {})
self.request_forgery_protection_token ||= :authenticity_token
- before_filter :verify_authenticity_token, options
+ prepend_before_filter :verify_authenticity_token, options
end
end

0 comments on commit 3d907a6

Please sign in to comment.