Commit 6308927a authored by Samir Noir's avatar Samir Noir 🧀
Browse files

Add missing ActionDispatch::Flash middleware and forgery protection

parent ad361118
......@@ -15,6 +15,10 @@
class ApplicationController < ActionController::Base
include ApplicationHelper
# Enable forgery request protection only in API
# See: https://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html
protect_from_forgery unless: -> { request.format.json? }
before_action :lookup_credentials
before_action :parse_json_payload, :only => [:create, :update, :destroy]
before_action :set_default_format
......
......@@ -52,6 +52,7 @@ module Api
config.middleware.insert_before Rack::Runtime, Rack::FiberPool, :size => 15
config.middleware.use Rack::PrettyJSON, :warning => true
config.middleware.use Rack::JSONP, :carriage_return => true
config.middleware.use ActionDispatch::Flash
# config.middleware.delete ActionDispatch::ShowExceptions
config.generators do |g|
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment