summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDouwe Maan <douwe@selenight.nl>2017-07-28 15:39:39 +0200
committerDouwe Maan <douwe@selenight.nl>2017-07-28 15:39:39 +0200
commitd020eabf2938858830125ace467b13695eb85962 (patch)
tree79b393794e1781bbeb24c88cf75eebd0e66a8b33
parent4d05e85375b81d94ef828c8c5544bf62a5abc024 (diff)
downloadgitlab-ce-d020eabf2938858830125ace467b13695eb85962.tar.gz
Add log messages to clarify log messages about API CSRF token verification failuredm-api-csrf-token-verification
-rw-r--r--lib/gitlab/request_forgery_protection.rb8
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/gitlab/request_forgery_protection.rb b/lib/gitlab/request_forgery_protection.rb
index 48dd0487790..ccfe0d6bed3 100644
--- a/lib/gitlab/request_forgery_protection.rb
+++ b/lib/gitlab/request_forgery_protection.rb
@@ -7,6 +7,14 @@ module Gitlab
class Controller < ActionController::Base
protect_from_forgery with: :exception
+ rescue_from ActionController::InvalidAuthenticityToken do |e|
+ logger.warn "This CSRF token verification failure is handled internally by `GitLab::RequestForgeryProtection`"
+ logger.warn "Unlike the logs may suggest, this does not result in an actual 422 response to the user"
+ logger.warn "For API requests, the only effect is that `current_user` will be `nil` for the duration of the request"
+
+ raise e
+ end
+
def index
head :ok
end