Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Boxiang Sun
gitlab-ce
Commits
cc3a82bc
Commit
cc3a82bc
authored
Jun 22, 2017
by
blackst0ne
Committed by
Douwe Maan
Jul 26, 2017
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add `rescue false`.
parent
8ce8b21f
Changes
3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
3 additions
and
3 deletions
+3
-3
config/initializers/omniauth.rb
config/initializers/omniauth.rb
+1
-1
lib/api/helpers.rb
lib/api/helpers.rb
+1
-1
lib/gitlab/request_forgery_protection.rb
lib/gitlab/request_forgery_protection.rb
+1
-1
No files found.
config/initializers/omniauth.rb
View file @
cc3a82bc
...
@@ -16,7 +16,7 @@ OmniAuth.config.allowed_request_methods = [:post]
...
@@ -16,7 +16,7 @@ OmniAuth.config.allowed_request_methods = [:post]
# In case of auto sign-in, the GET method is used (users don't get to click on a button)
# In case of auto sign-in, the GET method is used (users don't get to click on a button)
OmniAuth
.
config
.
allowed_request_methods
<<
:get
if
Gitlab
.
config
.
omniauth
.
auto_sign_in_with_provider
.
present?
OmniAuth
.
config
.
allowed_request_methods
<<
:get
if
Gitlab
.
config
.
omniauth
.
auto_sign_in_with_provider
.
present?
OmniAuth
.
config
.
before_request_phase
do
|
env
|
OmniAuth
.
config
.
before_request_phase
do
|
env
|
Git
L
ab
::
RequestForgeryProtection
.
call
(
env
)
Git
l
ab
::
RequestForgeryProtection
.
call
(
env
)
end
end
if
Gitlab
.
config
.
omniauth
.
enabled
if
Gitlab
.
config
.
omniauth
.
enabled
...
...
lib/api/helpers.rb
View file @
cc3a82bc
...
@@ -338,7 +338,7 @@ module API
...
@@ -338,7 +338,7 @@ module API
# Check if CSRF tokens are valid.
# Check if CSRF tokens are valid.
def
verified_request?
def
verified_request?
Git
Lab
::
RequestForgeryProtection
.
call
(
env
)
Git
lab
::
RequestForgeryProtection
.
call
(
env
)
rescue
false
end
end
# Check the Rails session for valid authentication details
# Check the Rails session for valid authentication details
...
...
lib/gitlab/request_forgery_protection.rb
View file @
cc3a82bc
...
@@ -2,7 +2,7 @@
...
@@ -2,7 +2,7 @@
# It's used in API helpers and OmniAuth.
# It's used in API helpers and OmniAuth.
# Usage: GitLab::RequestForgeryProtection.call(env)
# Usage: GitLab::RequestForgeryProtection.call(env)
module
Git
L
ab
module
Git
l
ab
module
RequestForgeryProtection
module
RequestForgeryProtection
class
Controller
<
ActionController
::
Base
class
Controller
<
ActionController
::
Base
protect_from_forgery
with: :exception
protect_from_forgery
with: :exception
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment