From 2b679683b19322a568225a69949e5d8ed61fe9a9 Mon Sep 17 00:00:00 2001 From: mo khan Date: Mon, 9 Feb 2015 20:40:06 -0700 Subject: protect from forgery and cache ip and hostname on fake agent. --- app/controllers/api/agents/events_controller.rb | 2 +- app/controllers/api/api_controller.rb | 7 ++++++- app/controllers/application_controller.rb | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/api/agents/events_controller.rb b/app/controllers/api/agents/events_controller.rb index ca9b829..60b9195 100644 --- a/app/controllers/api/agents/events_controller.rb +++ b/app/controllers/api/agents/events_controller.rb @@ -1,6 +1,6 @@ module Api module Agents - class EventsController < ApplicationController + class EventsController < ApiController def create @agent = Agent.find(params[:agent_id]) publish(EventMessage.new( diff --git a/app/controllers/api/api_controller.rb b/app/controllers/api/api_controller.rb index 0316222..6954700 100644 --- a/app/controllers/api/api_controller.rb +++ b/app/controllers/api/api_controller.rb @@ -1,5 +1,10 @@ module Api - class ApiController < ApplicationController + class ApiController < ActionController::Base protect_from_forgery with: :null_session + protected + + def publish(message) + Publisher.publish(message) + end end end diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 209ec89..54093eb 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,7 +1,7 @@ class ApplicationController < ActionController::Base # Prevent CSRF attacks by raising an exception. # For APIs, you may want to use :null_session instead. - #protect_from_forgery with: :exception + protect_from_forgery with: :exception protected -- cgit v1.2.3