Contents

module Kms
  class ApplicationController < ActionController::Base
    before_action :authenticate_kms_user!
    # Prevent CSRF attacks by raising an exception.
    # For APIs, you may want to use :null_session instead.
    protect_from_forgery with: :exception

    after_action :set_csrf_cookie_for_ng

    def set_csrf_cookie_for_ng
      cookies['XSRF-TOKEN'] = form_authenticity_token if protect_against_forgery?
    end

    protected

    def verified_request?
      super || cookies['XSRF-TOKEN'] == request.headers['X-XSRF-TOKEN']
    end

    def current_ability
      @current_ability ||= Ability.new(current_kms_user)
    end
  end
end

Version data entries

7 entries across 7 versions & 1 rubygems

Version	Path
kms-1.2.1	app/controllers/kms/application_controller.rb
kms-1.2.0	app/controllers/kms/application_controller.rb
kms-1.1.0	app/controllers/kms/application_controller.rb
kms-1.0.1	app/controllers/kms/application_controller.rb
kms-1.0.0	app/controllers/kms/application_controller.rb
kms-0.9.0	app/controllers/kms/application_controller.rb
kms-0.8.0	app/controllers/kms/application_controller.rb