Commit d020eabf authored by Douwe Maan's avatar Douwe Maan

Add log messages to clarify log messages about API CSRF token verification failure

parent 4d05e853
...@@ -7,6 +7,14 @@ module Gitlab ...@@ -7,6 +7,14 @@ module Gitlab
class Controller < ActionController::Base class Controller < ActionController::Base
protect_from_forgery with: :exception protect_from_forgery with: :exception
rescue_from ActionController::InvalidAuthenticityToken do |e|
logger.warn "This CSRF token verification failure is handled internally by `GitLab::RequestForgeryProtection`"
logger.warn "Unlike the logs may suggest, this does not result in an actual 422 response to the user"
logger.warn "For API requests, the only effect is that `current_user` will be `nil` for the duration of the request"
raise e
end
def index def index
head :ok head :ok
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment