From 7068571b286f8f61bdc4f81ca53fb5ee5b7a2681 Mon Sep 17 00:00:00 2001 From: Neil Smith Date: Fri, 17 Jan 2014 18:41:31 +0000 Subject: [PATCH] Tweaked the controller to use 'protect_from_forgery' properly --- app/controllers/application_controller.rb | 3 ++- app/controllers/feed_controller.rb | 5 ++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index d83690e..840f64a 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,5 +1,6 @@ class ApplicationController < ActionController::Base # Prevent CSRF attacks by raising an exception. # For APIs, you may want to use :null_session instead. - protect_from_forgery with: :exception + # protect_from_forgery with: :exception + protect_from_forgery with: :null_session end diff --git a/app/controllers/feed_controller.rb b/app/controllers/feed_controller.rb index 41e357a..2fd0bd6 100644 --- a/app/controllers/feed_controller.rb +++ b/app/controllers/feed_controller.rb @@ -1,9 +1,8 @@ class FeedController < ApplicationController - skip_before_filter :verify_authenticity_token + # skip_before_filter :verify_authenticity_token def index - # @feeds = FeedItem.find(:all, :select => 'DISTINCT feed_name') @feeds = FeedItem.select(:feed_name).distinct respond_to do |format| format.html @@ -17,7 +16,7 @@ class FeedController < ApplicationController @feed_name = params[:feed_name] @feed_items = FeedItem.in_feed(@feed_name) respond_to do |format| - if @feed_items == [] + if @feed_items.empty? flash[:notice] = "No items in feed #{@feed_name}" format.html { redirect_to index_path } format.rss { render :layout => false } -- 2.34.1