diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-01-21 14:21:10 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-01-21 14:21:10 +0000 |
| commit | cb0d23c455b73486fd1015f8ca9479b5b7e3585d (patch) | |
| tree | d7dc129a407fd74266d2dc561bebf24665197c2f /app/controllers/graphql_controller.rb | |
| parent | c3e911be175c0aabfea1eb030f9e0ef23f5f3887 (diff) | |
| download | gitlab-ce-cb0d23c455b73486fd1015f8ca9479b5b7e3585d.tar.gz | |
Add latest changes from gitlab-org/gitlab@12-7-stable-ee
Diffstat (limited to 'app/controllers/graphql_controller.rb')
| -rw-r--r-- | app/controllers/graphql_controller.rb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/app/controllers/graphql_controller.rb b/app/controllers/graphql_controller.rb index 72d40f709e6..d7ff2ded5ae 100644 --- a/app/controllers/graphql_controller.rb +++ b/app/controllers/graphql_controller.rb @@ -3,6 +3,7 @@ class GraphqlController < ApplicationController # Unauthenticated users have access to the API for public data skip_before_action :authenticate_user! + skip_around_action :set_session_storage # Allow missing CSRF tokens, this would mean that if a CSRF is invalid or missing, # the user won't be authenticated but can proceed as an anonymous user. |