zeevallin / arcane

Rails strong parameters, made object oriented.
MIT License
50 stars 4 forks

Arcane + Devise + CSRF #15

Closed sjke closed 8 years ago

sjke commented 8 years ago

I'm using Rails 4.2.5, Devise 3.5.3 and arcane 1.2.0.

So, I have a big problem:

When a user tries to sign in to the application, the server can't verify the CSRF token, because you override params with current_params_user.

I fixed this problem as follows:

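  def params
    # Keep the arcane-provided params everywhere except the sign-in controller.
    # The string must match that controller's controller_name. The comparison
    # needs ==; a single = assigns, so the branch below would always run.
    return super unless controller_name == 'session'
    # For sign-in, build plain parameters that do not depend on a current user.
    @_params = ActionController::Parameters.new(request.parameters)
  end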

but it's ....

zeevallin commented 8 years ago

@sjke I usually solve this by always having current params user return a user object (guest user or logged in user).

If you want to override #params for a specific controller, you're able to define the method in that controller instead of defining it in your application controller and having that conditional.

Closing this issue.
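
The two options from the maintainer's reply, sketched as an added example in plain Ruby; it is not code from arcane, Devise or this thread. `UserParams`, `BaseController`, `GuestUser` and `csrf_ok?` are hypothetical stand-ins, and the rule that user-bound params cannot be built from a nil user is this example's assumed model of the failure.

```ruby
# Plain-Ruby stand-ins (assumptions), not Rails, Devise or arcane code.
User      = Struct.new(:id) { def guest?; false; end }
GuestUser = Class.new { def id; nil; end; def guest?; true; end }

# Params bound to a user. Assumed failure mode: they cannot be built from nil.
class UserParams
  attr_reader :user
  def initialize(raw, user)
    raise ArgumentError, "params need a user object" if user.nil?
    @raw, @user = raw, user
  end
  def [](key); @raw[key]; end
end

# Stand-in framework controller: the CSRF check reads the token through #params.
class BaseController
  attr_reader :session, :current_user
  def initialize(request_parameters, session, current_user = nil)
    @request_parameters, @session, @current_user = request_parameters, session, current_user
  end
  def params; @request_parameters; end
  def verified_request?
    token = params[:authenticity_token]
    !token.nil? && token == session[:_csrf_token]
  end
end

# Option 1: app-wide override whose current_params_user never returns nil.
class ApplicationController < BaseController
  def params
    @_params ||= UserParams.new(super, current_params_user)
  end
  def current_params_user
    current_user || GuestUser.new
  end
end

# Option 2: only the sign-in controller defines #params, with no user binding.
class SessionsController < ApplicationController
  def params; @request_parameters; end
end

# Constructed sign-in request: nobody signed in yet, the form carries the token.
def csrf_ok?(controller_class, token: "constructed-token")
  controller_class.new({ authenticity_token: token, email: "a@example.test" },
                       { _csrf_token: "constructed-token" }).verified_request?
end
```

With either option the token check still rejects a mismatched token; the override only has to stay usable for requests that arrive before anyone is signed in.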