Rescue only from ActionController::InvalidAuthenticityToken
This commit is contained in:
parent
5a1f3df3b8
commit
dcf4a2e83c
|
@ -336,9 +336,9 @@ module API
|
|||
env['warden']
|
||||
end
|
||||
|
||||
# Check if CSRF tokens are valid.
|
||||
# Check if the request is GET/HEAD, or if CSRF token is valid.
|
||||
def verified_request?
|
||||
Gitlab::RequestForgeryProtection.call(env) rescue false
|
||||
Gitlab::RequestForgeryProtection.verified?(env)
|
||||
end
|
||||
|
||||
# Check the Rails session for valid authentication details
|
||||
|
|
|
@ -19,5 +19,13 @@ module Gitlab
|
|||
def self.call(env)
|
||||
app.call(env)
|
||||
end
|
||||
|
||||
def self.verified?(env)
|
||||
call(env)
|
||||
|
||||
true
|
||||
rescue ActionController::InvalidAuthenticityToken
|
||||
false
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue