The #active and #timeout actions are defined with http GETs. protect_from_forgery is not required for http GET calls, and setting the protect_from_forgery with these actions causes an exception when using the rails configuration option raise_on_missing_callback_actions. Therefore remove the call.
pelargir
commented
5 months ago
The
#activeand#timeoutactions are defined with http GETs. protect_from_forgery is not required for http GET calls, and setting the protect_from_forgery with these actions causes an exception when using the rails configuration optionraise_on_missing_callback_actions. Therefore remove the call.See also: https://github.com/pelargir/auto-session-timeout/issues/46