summaryrefslogtreecommitdiff
path: root/app/controllers/application_controller.rb
blob: de8d06b40a8a09b8280251525c07b65f85429a4a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
class ApplicationController < ActionController::Base
  protect_from_forgery
  before_filter :no_cache_header
  before_filter :no_frame_header

  ActiveSupport.run_load_hooks(:application_controller, self)

  protected


  rescue_from StandardError do |e|
    respond_to do |format|
      format.json { render_json_error(e) }
      format.all  { raise e }  # reraise the exception so the normal thing happens.
    end
  end

  def render_json_error(e)
    Rails.logger.error e
    Rails.logger.error e.backtrace.join("\n")
    render status: 500,
      json: {error: "The server failed to process your request. We'll look into it."}
  end

  #
  # Allows us to pass through bold text to flash messages. See format_flash() for where this is reversed.
  #
  # TODO: move to core
  #
  def bold(str)
    "[b]#{str}[/b]"
  end
  helper_method :bold

  #
  # we want to prevent the browser from caching anything, just to be safe.
  #
  def no_cache_header
    response.headers["Cache-Control"] = "no-cache, no-store, must-revalidate"
    response.headers["Pragma"] = "no-cache"
    response.headers["Expires"] = "0"
  end

  #
  # prevent app from being embedded in an iframe, for browsers that support x-frame-options.
  #
  def no_frame_header
    response.headers["X-Frame-Options"] = "DENY"
  end

end