Commit dcf4a2e8 authored by Douwe Maan

Rescue only from ActionController::InvalidAuthenticityToken

parent 5a1f3df3
...@@ -336,9 +336,9 @@ module API ...@@ -336,9 +336,9 @@ module API
env['warden'] env['warden']
end end
# Check if CSRF tokens are valid. # Check if the request is GET/HEAD, or if CSRF token is valid.
def verified_request? def verified_request?
Gitlab::RequestForgeryProtection.call(env) rescue false Gitlab::RequestForgeryProtection.verified?(env)
end end
# Check the Rails session for valid authentication details # Check the Rails session for valid authentication details
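Review bot: In `verified_request?`, dropping the inline `rescue false` means any exception other than `ActionController::InvalidAuthenticityToken` raised during the forgery check now propagates to the API caller instead of being treated as an unverified request. That is the stricter and better behaviour, since a blanket rescue could hide real bugs, but it is worth a spec that covers both paths: an invalid token returns false, and an unrelated error raised by the check is not swallowed. The updated comment mentions GET/HEAD, but nothing in this hunk shows where that is decided, so a pointer to where that check lives would help the next reader.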
......
...@@ -19,5 +19,13 @@ module Gitlab ...@@ -19,5 +19,13 @@ module Gitlab
def self.call(env) def self.call(env)
app.call(env) app.call(env)
end end
def self.verified?(env)
call(env)
true
rescue ActionController::InvalidAuthenticityToken
false
end
end end
end end
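Review bot: `self.verified?(env)` discards the return value of `call(env)` and returns `true` unconditionally, so its correctness depends on the wrapped app always raising `ActionController::InvalidAuthenticityToken` for a bad token and never signalling failure through its return value. The method has no comment stating that contract; please add a short one above `def self.verified?(env)` saying that it returns false only for an invalid authenticity token and lets every other exception propagate, so a later change to `call` does not silently turn this into an always-true check.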