Add `rescue false`.
This commit is contained in:
parent
8ce8b21f67
commit
cc3a82bc8b
|
@ -16,7 +16,7 @@ OmniAuth.config.allowed_request_methods = [:post]
|
|||
# In case of auto sign-in, the GET method is used (users don't get to click on a button)
|
||||
OmniAuth.config.allowed_request_methods << :get if Gitlab.config.omniauth.auto_sign_in_with_provider.present?
|
||||
OmniAuth.config.before_request_phase do |env|
|
||||
GitLab::RequestForgeryProtection.call(env)
|
||||
Gitlab::RequestForgeryProtection.call(env)
|
||||
end
|
||||
|
||||
if Gitlab.config.omniauth.enabled
|
||||
|
|
|
@ -338,7 +338,7 @@ module API
|
|||
|
||||
# Check if CSRF tokens are valid.
|
||||
def verified_request?
|
||||
GitLab::RequestForgeryProtection.call(env)
|
||||
Gitlab::RequestForgeryProtection.call(env) rescue false
|
||||
end
|
||||
|
||||
# Check the Rails session for valid authentication details
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
# It's used in API helpers and OmniAuth.
|
||||
# Usage: GitLab::RequestForgeryProtection.call(env)
|
||||
|
||||
module GitLab
|
||||
module Gitlab
|
||||
module RequestForgeryProtection
|
||||
class Controller < ActionController::Base
|
||||
protect_from_forgery with: :exception
|
||||
|
|
Loading…
Reference in New Issue