Skip CSRF token check for POST login

puzzle · Sep 28, 2020 · 96bad51 · 96bad51
1 parent bc1fa90
commit 96bad51
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/app/controllers/login_controller.rb b/app/controllers/login_controller.rb
@@ -7,6 +7,8 @@
 
 class LoginController < ApplicationController
   skip_before_action :authenticate, except: [:logout]
+  # it's safe to ignore CSRF token for login
+  skip_before_action :verify_authenticity_token, only: :login
   skip_authorization_check
 
   def index