Add csrf protection to reset action

Signed-off-by: Nick Quaranto <nick@quaran.to>
rubygems · Jun 21, 2016 · cc492ed91c0865ceac5554ebb56ed57f9506237d · cc492ed
1 parent 3c10ff2
commit cc492ed91c0865ceac5554ebb56ed57f9506237d
Unified Split

Showing with 1 addition and 0 deletions.

+1 −0 app/controllers/api/v1/api_keys_controller.rb
diff --git a/app/controllers/api/v1/api_keys_controller.rb b/app/controllers/api/v1/api_keys_controller.rb
@@ -1,4 +1,5 @@
 class Api::V1::ApiKeysController < Api::BaseController
+  before_action :verify_authenticity_token, only: :reset
   before_action :redirect_to_root, unless: :signed_in?, only: [:reset]
 
   def show