author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-20 13:18:24 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-20 13:18:24 +0000 |
commit | 0653e08efd039a5905f3fa4f6e9cef9f5d2f799c (patch) | |
tree | 4dcc884cf6d81db44adae4aa99f8ec1233a41f55 /app/controllers/application_controller.rb | |
parent | 744144d28e3e7fddc117924fef88de5d9674fe4c (diff) | |
download | gitlab-ce-14.3.0-rc42.tar.gz |
Add latest changes from gitlab-org/gitlab@14-3-stable-ee v14.3.0-rc42
Diffstat (limited to 'app/controllers/application_controller.rb')
-rw-r--r-- | app/controllers/application_controller.rb | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 34bad74a9fc..a83458f3260 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -42,6 +42,7 @@ class ApplicationController < ActionController::Base
 # Make sure the `auth_user` is memoized so it can be logged, we do this after
 # all other before filters that could have set the user.
 before_action :auth_user
+ before_action :limit_session_time, if: -> { !current_user }
 prepend_around_action :set_current_context
@@ -51,7 +52,7 @@ class ApplicationController < ActionController::Base
 around_action :set_current_admin
 after_action :set_page_title_header, if: :json_request?
- after_action :limit_session_time, if: -> { !current_user }
+ after_action :ensure_authenticated_session_time, if: -> { current_user }
 protect_from_forgery with: :exception, prepend: true
@@ -62,7 +63,8 @@ class ApplicationController < ActionController::Base
 :bitbucket_import_enabled?, :bitbucket_import_configured?,
 :bitbucket_server_import_enabled?, :fogbugz_import_enabled?,
 :git_import_enabled?, :gitlab_project_import_enabled?,
- :manifest_import_enabled?, :phabricator_import_enabled?
+ :manifest_import_enabled?, :phabricator_import_enabled?,
+ :masked_page_url
 # Adds `no-store` to the DEFAULT_CACHE_CONTROL, to prevent security
 # concerns due to caching private data. |
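Review bot: The new `before_action :limit_session_time, if: -> { !current_user }` in the first hunk sits directly under a comment that only explains why `auth_user` is registered last, so nothing tells a reader that its position is deliberate or that it is paired with the `ensure_authenticated_session_time` callback added in the second hunk. Because it is registered in ApplicationController, its `!current_user` condition is evaluated before any non-prepended before filter a subclass controller adds, so a request that a later filter authenticates would still be treated as anonymous at this point. That is presumably intended, but it should be stated. I would add a comment above the line such as `# Apply the unauthenticated session lifetime before the action runs; ensure_authenticated_session_time corrects it after a sign-in.` Neither method body is visible in this diff and the class continues outside the hunk, so the wording should be checked against the definitions.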
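Review bot: `after_action :ensure_authenticated_session_time, if: -> { current_user }` in the second hunk will not run when a before filter halts the request by rendering or redirecting, because Rails skips after callbacks once the callback chain is terminated. If a sign-in can complete inside a before filter that then redirects, the lifetime applied earlier by `limit_session_time` would apparently stay on the now-authenticated session until a later request passes through this callback. That fails toward a shorter session rather than a longer one, so it is a correctness concern more than an exposure. It still deserves a request spec for the halted-chain case and a comment on the line, for example `# Not run when a before filter renders or redirects; after callbacks are skipped on a halted chain.`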