Ruby on Rails
Monday, January 29, 2018
I recently added a before_action before protect_from_forgery:
    before_action :set_locale
    protect_from_forgery with: :exception
This causes an exception when a user tries to log in with Devise.
The fix is simple (protect from forgery before doing other actions):
    before_action :set_locale
    protect_from_forgery with: :exception, prepend: true
However, what concerns me is that the bug triggered an exception in production which was not caught in test.
Steps to trigger the bug are:
1) create an account
2) log out
3) sign in
I test this explicitly in an rspec capybara test using chrome with javascript enabled.
In the test, I don't get the exception.
Can anyone explain why?
Thanks,
Rob
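
An added example, not part of the original post: a plain-Ruby source check that flags the callback ordering described above, and that also looks for the `allow_forgery_protection = false` line that Rails' generated `config/environments/test.rb` contains, which switches CSRF verification off in the test environment. Whether that default is in effect in this app is an assumption; the method names and sample sources below are constructed for illustration.

```ruby
# Added example (not the poster's code). No Rails required: it scans source text.
CALLBACK = /^\s*(?:before_action|prepend_before_action|around_action)\b/
FORGERY  = /^\s*protect_from_forgery\b(.*)$/

# Returns the 1-based line numbers of protect_from_forgery declarations that
# come after another callback and do not pass prepend: true.
def late_forgery_protection(source)
  seen_callback = false
  findings = []
  source.each_line.with_index(1) do |line, number|
    code = line.sub(/#.*$/, "") # naive comment strip, good enough for a lint
    if (m = FORGERY.match(code))
      prepended = m[1] =~ /\bprepend:\s*true\b/
      findings << number if seen_callback && !prepended
    elsif CALLBACK.match?(code)
      seen_callback = true
    end
  end
  findings
end

# True when an environment file turns CSRF verification off.
def forgery_protection_disabled?(env_source)
  env_source.each_line.any? do |line|
    line.sub(/#.*$/, "") =~ /allow_forgery_protection\s*=\s*false\b/
  end
end

# Constructed samples: the two controller variants from the post, and the
# relevant line of a generated config/environments/test.rb.
BEFORE = <<~RUBY
  class ApplicationController < ActionController::Base
    before_action :set_locale
    protect_from_forgery with: :exception
  end
RUBY
AFTER = BEFORE.sub(":exception", ":exception, prepend: true")
TEST_ENV = <<~RUBY
  Rails.application.configure do
    config.action_controller.allow_forgery_protection = false
  end
RUBY

puts "before: #{late_forgery_protection(BEFORE).inspect}"
puts "after:  #{late_forgery_protection(AFTER).inspect}"
puts "CSRF checks off in test env: #{forgery_protection_disabled?(TEST_ENV)}"
```

If the second check is true for an app, a browser spec of the sign-in flow only exercises token verification when `allow_forgery_protection` is enabled for that spec or environment.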