Merge branch 'dm-api-csrf-token-verification' into 'master'
Add log messages to clarify log messages about API CSRF token verification failure Closes #35705 See merge request !13158
commit
bd2b68d73e
1 changed files with 8 additions and 0 deletions
|
@ -7,6 +7,14 @@ module Gitlab
|
||||||
class Controller < ActionController::Base
|
class Controller < ActionController::Base
|
||||||
protect_from_forgery with: :exception
|
protect_from_forgery with: :exception
|
||||||
|
|
||||||
|
rescue_from ActionController::InvalidAuthenticityToken do |e|
|
||||||
|
logger.warn "This CSRF token verification failure is handled internally by `GitLab::RequestForgeryProtection`"
|
||||||
|
logger.warn "Unlike the logs may suggest, this does not result in an actual 422 response to the user"
|
||||||
|
logger.warn "For API requests, the only effect is that `current_user` will be `nil` for the duration of the request"
|
||||||
|
|
||||||
|
raise e
|
||||||
|
end
|
||||||
|
|
||||||
def index
|
def index
|
||||||
head :ok
|
head :ok
|
||||||
end
|
end
|
||||||
|
|
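Review bot: The new `logger.warn` text in the `rescue_from` block names `GitLab::RequestForgeryProtection`, while the hunk header shows the enclosing module spelled `Gitlab`, so someone who greps the code for the constant quoted in the log will not find it; `Gitlab::RequestForgeryProtection` would match. The explanation is also emitted as three separate log entries, which can interleave with other requests' output and lose their link to the Rails CSRF failure line they are meant to qualify; a single `logger.warn` carrying all three sentences would keep them together. A comment above `raise e`, such as `# Re-raise: the caller relies on this exception to detect the failed verification`, would record why the handler does not swallow the error; presumably the caller rescues it, but that code is not visible here. The enclosing module and the end of `Controller` lie outside the hunk.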