My application controller looks like this: class ApplicationController < ActionController::Base protect_from_forgery before_filter :check_csrf def

Question

0

Asked: May 27, 20262026-05-27T02:30:34+00:00 2026-05-27T02:30:34+00:00

My application controller looks like this: class ApplicationController < ActionController::Base protect_from_forgery before_filter :check_csrf def

0

My application controller looks like this:

class ApplicationController < ActionController::Base
  protect_from_forgery
  before_filter :check_csrf
  def check_csrf
    if not verified_request?
      redirect_to root_url, :error => "forgery protection"
      return
    end
  end
end

Without check_csrf, Rails writes warning to server console on bad responses, then execution continues as usually. So I had to write my own check_csrf. Now it works fine. Is it correct? Is there a simplier way to stop execution of bad request?

Rails version: 3.1.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-27T02:30:34+00:00

Editorial Team

2026-05-27T02:30:34+00:00Added an answer on May 27, 2026 at 2:30 am

I think you should override handle_unverified_request.

Something like that:

class ApplicationController < ActionController::Base
  protect_from_forgery

  protected
    def handle_unverified_request
      redirect_to root_url, :error => "forgery protection"
    end
end

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

My application controller looks like this: class ApplicationController < ActionController::Base protect_from_forgery before_filter :check_csrf def

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply