| author | Sean McGivern <sean@mcgivern.me.uk> | 2017-07-28 14:39:36 +0000 | 
|---|---|---|
| committer | Sean McGivern <sean@mcgivern.me.uk> | 2017-07-28 14:39:36 +0000 | 
| commit | bd2b68d73ed01c8289ccbb7d4446c9474e817481 (patch) | |
| tree | c176a9e7570ac630b350f90e5b31fe695911ccd8 /lib | |
| parent | 48c51e207e4cba8a69e4ca65cba1e169d384cefa (diff) | |
| parent | d020eabf2938858830125ace467b13695eb85962 (diff) | |
| download | gitlab-ce-bd2b68d73ed01c8289ccbb7d4446c9474e817481.tar.gz | |
Merge branch 'dm-api-csrf-token-verification' into 'master'
Add log messages clarifying the existing log output about API CSRF token verification failures
Closes #35705
See merge request !13158
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/gitlab/request_forgery_protection.rb | 8 | 
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/gitlab/request_forgery_protection.rb b/lib/gitlab/request_forgery_protection.rb
index 48dd0487790..ccfe0d6bed3 100644
--- a/lib/gitlab/request_forgery_protection.rb
+++ b/lib/gitlab/request_forgery_protection.rb
@@ -7,6 +7,14 @@ module Gitlab
     class Controller < ActionController::Base
       protect_from_forgery with: :exception
 
+      rescue_from ActionController::InvalidAuthenticityToken do |e|
+        logger.warn "This CSRF token verification failure is handled internally by `GitLab::RequestForgeryProtection`"
+        logger.warn "Unlike the logs may suggest, this does not result in an actual 422 response to the user"
+        logger.warn "For API requests, the only effect is that `current_user` will be `nil` for the duration of the request"
+
+        raise e
+      end
+
       def index
         head :ok
       end
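Review bot: The first added `logger.warn` names the module as `GitLab::RequestForgeryProtection`, but the hunk header shows the class lives under `module Gitlab` (lowercase l), so the message points operators at a constant that does not exist; it should read `Gitlab::RequestForgeryProtection`. The three separate `warn` calls also emit three entries per failed verification that can interleave with other requests' output under concurrent workers, and none of them carries the request method or path, so a log reader cannot distinguish a benign token-authenticated API call from a cross-site request that arrived with a session cookie and was correctly stripped of `current_user`. One entry with that context would serve both the clarification and the detection use case, e.g. `logger.warn "CSRF token verification failed for #{request.method} #{request.path}; handled by Gitlab::RequestForgeryProtection, no 422 is returned and current_user is nil for this request"`. Whether `request` is populated inside this `rescue_from` block depends on how this controller is instantiated, which is outside the hunk; the enclosing `module RequestForgeryProtection` also starts before the hunk.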
