Improve web api protect (#6343)

2018-04-17 22:23:46 +09:00
parent 204d72fbe4
commit 897199910f
6 changed files with 18 additions and 10 deletions
--- a/app/controllers/api/web/base_controller.rb
+++ b/app/controllers/api/web/base_controller.rb
@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class Api::Web::BaseController < Api::BaseController
+  protect_from_forgery with: :exception
+
+  rescue_from ActionController::InvalidAuthenticityToken do
+    render json: { error: "Can't verify CSRF token authenticity." }, status: 422
+  end
+end