
change: use skip_forgery_protection instead of manually set skip_before_action#1212

Merged
excid3 merged 2 commits intopay-rails:mainfrom
luizkowalski:forgery-protection-fix
Dec 23, 2025

Conversation

@luizkowalski
Contributor

@luizkowalski luizkowalski commented Dec 13, 2025

Pull Request

Summary:

In Rails edge, the CSRF verification has changed from authenticity token to header-based (Sec-Fetch-Site).

This breaks skip_before_action, as verify_authenticity_token was removed (here and here).

A simple fix is to use the helper skip_forgery_protection, as it is already a wrapper for skip_before_action :verify_authenticity_token and it works for both versions of the code.

Testing:

  • Tests should still pass

Checklist:

  • Code follows the project's coding standards
  • Tests have been added or updated to cover the changes
  • Documentation has been updated (if applicable)
  • All existing tests pass
  • Conforms to the contributing guidelines

@luizkowalski luizkowalski force-pushed the forgery-protection-fix branch from 808c165 to fb805b3 Compare December 13, 2025 10:50
@luizkowalski luizkowalski marked this pull request as ready for review December 13, 2025 10:52
@excid3 excid3 merged commit 198fe13 into pay-rails:main Dec 23, 2025
46 checks passed
@excid3
Collaborator

excid3 commented Dec 23, 2025

I just realized, we should probably just inherit from ActionController::API for webhooks controllers since they do not include forgery protection and other unnecessary features.

I will refactor this in another PR.

@luizkowalski
Contributor Author

What's interesting now is that I'm getting NameError: undefined local variable or method 'skip_forgery_protection' for class Pay::Webhooks::StripeController when running tests on my app (which was previously using my fork).

It's weird because the method is present in the stable and edge API.

I'm trying to understand what's going on.

@luizkowalski
Contributor Author

Ah, just realized you already changed the inheritance in the new version, sorry! I think skip_forgery_protection should be deleted from these controllers.
