Please sign in to comment.
CSRF protection should rescue exception not extend
I think the changes to the default behaviour mean that rails will throw an exception when an invalid authenticity token is found. The previous proposed code of calling super then sign_out meant that sign_out was never reached - the exception handler never returned. I think the best approach now is to catch the exception, although I'm not 100% certain on that.
- Loading branch information...