gitlab-org--gitlab-foss/lib/gitlab/request_forgery_protection.rb

# A module to check CSRF tokens in requests.
# It's used in API helpers and OmniAuth.
# Usage: GitLab::RequestForgeryProtection.call(env)

module GitLab
  module RequestForgeryProtection
    class Controller < ActionController::Base
      protect_from_forgery with: :exception

      def index
        head :ok
      end
    end

    def self.app
      @app ||= Controller.action(:index)
    end

    def self.call(env)
      app.call(env)
    end
  end
end
Refactor CSRF protection 2017-06-21 02:52:54 -04:00			`# A module to check CSRF tokens in requests.`
			`# It's used in API helpers and OmniAuth.`
			`# Usage: GitLab::RequestForgeryProtection.call(env)`
Protect OmniAuth request phase against CSRF. 2015-04-24 11:03:18 -04:00
Refactor CSRF protection 2017-06-21 02:52:54 -04:00			`module GitLab`
Fix signin with OmniAuth providers 2015-12-08 08:41:19 -05:00			`module RequestForgeryProtection`
			`class Controller < ActionController::Base`
			`protect_from_forgery with: :exception`
Protect OmniAuth request phase against CSRF. 2015-04-24 11:03:18 -04:00
Fix signin with OmniAuth providers 2015-12-08 08:41:19 -05:00			`def index`
			`head :ok`
Protect OmniAuth request phase against CSRF. 2015-04-24 11:03:18 -04:00			`end`
			`end`

Fix signin with OmniAuth providers 2015-12-08 08:41:19 -05:00			`def self.app`
			`@app \|\|= Controller.action(:index)`
Protect OmniAuth request phase against CSRF. 2015-04-24 11:03:18 -04:00			`end`

Fix signin with OmniAuth providers 2015-12-08 08:41:19 -05:00			`def self.call(env)`
			`app.call(env)`
Protect OmniAuth request phase against CSRF. 2015-04-24 11:03:18 -04:00			`end`
			`end`
			`end`