Refuse non-JSON queries on API

2015-05-01 17:47:06 +00:00
parent 063376a285
commit 8e3955a97b
2 changed files with 13 additions and 0 deletions
--- a/app/controllers/api/application_controller.rb
+++ b/app/controllers/api/application_controller.rb
@@ -4,6 +4,7 @@ module API
    skip_before_filter :authenticate!, only: :cor_preflight

    before_filter :cor_filter
+    before_filter :json_filter!

    def cor_filter
      headers['Access-Control-Allow-Origin'] = request.headers['Origin'] ?
@@ -28,5 +29,9 @@ module API
    def authenticate!
      head :unauthorized if current_user.nil?
    end
+
+    def json_filter!
+      head :not_acceptable if request.format != :json
+    end
  end
 end