add safety check for which site to save to to make sure user hasn't switched users in another tab

Kyle Drake 2018-03-02 23:20:46 -08:00
parent 2c4972d89c
commit 83acf308e1
3 changed files with 24 additions and 12 deletions


@ -2,11 +2,6 @@ def dashboard_if_signed_in
redirect '/dashboard' if signed_in?
end
def require_login_ajax
halt 'You are not logged in!' unless signed_in?
halt 'Please contact support.' if banned?
end
def csrf_safe?
csrf_token == params[:csrf_token] || csrf_token == request.env['HTTP_X_CSRF_TOKEN']
end