Removed forgery protection from email confirmation page

2015-09-07 12:46:24 -07:00 · 2015-09-07 12:46:24 -07:00 · 553496d51d
commit 553496d51d
parent 83986fe51c
2 changed files with 2 additions and 2 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -6,7 +6,7 @@ end
 class ApplicationController < LinguaFrancaApplicationController
 	# Prevent CSRF attacks by raising an exception.
 	# For APIs, you may want to use :null_session instead.
-	protect_from_forgery with: :exception
+	protect_from_forgery with: :exception, :except => [:do_confirm]

 	before_filter :capture_page_info

--- a/app/views/application/_login_confirm.html.haml
+++ b/app/views/application/_login_confirm.html.haml
@ -2,7 +2,7 @@
 	= columns(medium: 12) do
 		%h2=_'articles.permission_denied.headings.confirm_email','Please confirm your email address'
 	= columns(medium: 6, large: 5) do
-		= form_tag :do_confirm do
+		= form_tag :do_confirm, :authenticity_token => false do
 			.email-field.input-field
 				= email_field_tag :email, nil, required: true
 				= label_tag :email