Update CSRF chain to prepend checks and resolve comments from PR

Signed-off-by: Sebastian Serth <Sebastian.Serth@student.hpi.de>
2018-09-24 16:27:13 +02:00
parent 4809f7bc03
commit a77a006e8d
3 changed files with 3 additions and 6 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -6,7 +6,7 @@ class ApplicationController < ActionController::Base
  after_action :verify_authorized, except: [:help, :welcome]
  before_action :set_locale, :allow_iframe_requests
-  protect_from_forgery(with: :exception)
+  protect_from_forgery(with: :exception, prepend: true)
  rescue_from Pundit::NotAuthorizedError, with: :render_not_authorized
  def current_user
--- a/app/helpers/lti_helper.rb
+++ b/app/helpers/lti_helper.rb
@ -1,4 +1,4 @@
-require 'oauth/request_proxy/action_controller_request'
+require 'oauth/request_proxy/action_controller_request' # Rails 5 changed `Rack::Request` to `ActionDispatch::Request`
 module LtiHelper
  def lti_outcome_service?(exercise_id, external_user_id, consumer_id)
--- a/spec/support/selenium.rb
+++ b/spec/support/selenium.rb
@ -8,9 +8,6 @@ if ENV['HEADLESS_TEST'] == 'true' || ENV['USER'] == 'vagrant'
  headless.start
 end
 #Capybara.server = :webrick
 # Capybara.server_port = 3333
 Capybara.register_driver :selenium do |app|
  profile = Selenium::WebDriver::Firefox::Profile.new
  profile['intl.accept_languages'] = 'en'
@ -18,7 +15,7 @@ Capybara.register_driver :selenium do |app|
  options = Selenium::WebDriver::Firefox::Options.new
  options.profile = profile
  driver = Capybara::Selenium::Driver.new(app, browser: :firefox, desired_capabilities: capabilities, options: options)
-  #driver.browser.manage.window.resize_to(1280, 960)
+  driver.browser.manage.window.resize_to(1280, 960)
  driver
 end
 Capybara.javascript_driver = :selenium