Add `rescue false`.

cc3a82bc · blackst0ne · Douwe Maan · 8ce8b21f · cc3a82bc · cc3a82bc
Commit cc3a82bc authored Jun 22, 2017 by blackst0ne Committed by Douwe Maan Jul 26, 2017
Showing with 3 additions and 3 deletions

config/initializers/omniauth.rb config/initializers/omniauth.rb +1 -1

lib/api/helpers.rb lib/api/helpers.rb +1 -1

lib/gitlab/request_forgery_protection.rb lib/gitlab/request_forgery_protection.rb +1 -1

No files found.
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -16,7 +16,7 @@ OmniAuth.config.allowed_request_methods = [:post]
 # In case of auto sign-in, the GET method is used (users don't get to click on a button)
 OmniAuth.config.allowed_request_methods << :get if Gitlab.config.omniauth.auto_sign_in_with_provider.present?
 OmniAuth.config.before_request_phase do |env|
-  GitLab::RequestForgeryProtection.call(env)
+  Gitlab::RequestForgeryProtection.call(env)
 end

 if Gitlab.config.omniauth.enabled

--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -338,7 +338,7 @@ module API

    # Check if CSRF tokens are valid.
    def verified_request?
-      GitLab::RequestForgeryProtection.call(env)
+      Gitlab::RequestForgeryProtection.call(env) rescue false
    end

    # Check the Rails session for valid authentication details

--- a/lib/gitlab/request_forgery_protection.rb
+++ b/lib/gitlab/request_forgery_protection.rb
@@ -2,7 +2,7 @@
 # It's used in API helpers and OmniAuth.
 # Usage: GitLab::RequestForgeryProtection.call(env)

-module GitLab
+module Gitlab
  module RequestForgeryProtection
    class Controller < ActionController::Base
      protect_from_forgery with: :exception