Merge branch 'sh-fix-cross-site-forgery-errors' into 'master'
Return a blank JSON response for a missing .js file to prevent Rails CSRF errors Closes #40771 See merge request gitlab-org/gitlab-ce!16664
commit
e2a56af930
|
@ -147,6 +147,8 @@ class ApplicationController < ActionController::Base
|
|||
format.html do
|
||||
render file: Rails.root.join("public", "404"), layout: false, status: "404"
|
||||
end
|
||||
# Prevent the Rails CSRF protector from thinking a missing .js file is a JavaScript file
|
||||
format.js { render json: '', status: :not_found, content_type: 'application/json' }
|
||||
format.any { head :not_found }
|
||||
end
|
||||
end
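Review bot: The comment above `format.js` does not name the check being avoided or say that the explicit `content_type: 'application/json'` is the part that avoids it, so a later cleanup could drop the option and bring the errors back. Rails raises `ActionController::InvalidCrossOriginRequest` when a non-XHR GET is answered with a JavaScript content type, which is presumably the error behind #40771; I would reword the comment to `# A non-XHR GET answered with a JavaScript content type trips Rails' cross-origin JavaScript check, so reply to a missing .js path as JSON.` The body `''` is also not a parseable JSON document, so either say in the comment that the empty body is intentional or confirm that no caller tries to parse it. The enclosing method starts outside the hunk, and no spec for the `.js` 404 path is visible here.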
|
||||
|
|