My application controller looks like this:
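    class ApplicationController < ActionController::Base
      protect_from_forgery
      before_filter :check_csrf

      # Stop the request with a redirect when the CSRF token does not verify.
      def check_csrf
        unless verified_request?
          # redirect_to only takes :notice, :alert and :flash as flash options,
          # so a custom :error key has to be passed through :flash.
          redirect_to root_url, :flash => { :error => "forgery protection" }
        end
      end
    end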
Without check_csrf, Rails writes a warning to the server console on bad responses, then execution continues as usual. So I had to write my own check_csrf. Now it works fine. Is it correct? Is there a simpler way to stop execution of a bad request?
Rails version: 3.1.
I think you should override handle_unverified_request.
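Something like this:
    class ApplicationController < ActionController::Base
      protect_from_forgery

      protected

      # Called by the protect_from_forgery filter when the token does not verify.
      def handle_unverified_request
        # redirect_to only takes :notice, :alert and :flash as flash options,
        # so a custom :error key has to be passed through :flash.
        redirect_to root_url, :flash => { :error => "forgery protection" }
      end
    end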
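Added example (not part of the answer above, and not Rails source): a plain-Ruby model of the Rails 3.1 forgery filter for a non-GET request, showing why a redirect inside handle_unverified_request stops the action while the default only resets the session and lets it run. ModelController, HaltingController and simulate are hypothetical names, and the token and session values are constructed; the override here also calls super so the session reset is kept.

```ruby
# Simplified stand-in for a Rails 3.1 controller (hypothetical, not Rails code):
# the forgery filter runs before the action, and the action is skipped once a
# filter has produced a response (here: a redirect).
class ModelController
  attr_reader :session, :redirected_to, :action_ran

  def initialize(session, params)
    @session = session
    @params = params
    @redirected_to = nil
    @action_ran = false
  end

  def process
    handle_unverified_request unless verified_request?
    @action_ran = true unless @redirected_to
    self
  end

  protected

  # Only the token comparison for a non-GET request is modelled.
  def verified_request?
    token = @session[:_csrf_token]
    !token.nil? && token == @params[:authenticity_token]
  end

  # Default in 3.1: drop the session, then let the request continue.
  def handle_unverified_request
    @session.clear
  end
end

# The override from the answer, keeping the default session reset via super.
class HaltingController < ModelController
  protected

  def handle_unverified_request
    super
    @redirected_to = "/" # stands in for redirect_to root_url
  end
end

# Runs one request against a constructed logged-in session.
def simulate(klass, submitted_token)
  session = { :_csrf_token => "constructed-token", :user_id => 42 }
  klass.new(session, :authenticity_token => submitted_token).process
end
```

With the default handler a forged request still reaches the action, only without its session; with the override it is redirected before the action runs.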