[Rails5] Force the `protect_from_forgery` callback run firstblackst0ne-fix-protect-from-forgery-in-application-controller

Since Rails 5.0 the `protect_from_forgery` callback doesn't run first by default anymore. [1] Instead it gets inserted into callbacks chain where callbacks get called in order. This commit forces the callback to run first. [1]: https://github.com/rails/rails/commit/39794037817703575c35a75f1961b01b83791191
author: blackst0ne <blackst0ne.ru@gmail.com> 2018-06-21 21:44:31 +1100
committer: blackst0ne <blackst0ne.ru@gmail.com> 2018-06-21 21:44:31 +1100
commit: 6fef87f17fa6fde7c15668faa43b563eebc0a918 (patch)
tree: d7d03db4922dba9e04df4e1fcf86660296322b84 /app/controllers/omniauth_callbacks_controller.rb
parent: e40aa397700f997b320d9e6299ab3b15b75c77a8 (diff)
download: gitlab-ce-6fef87f17fa6fde7c15668faa43b563eebc0a918.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb
index 27fd5f7ba37..ba62d2d5142 100644
--- a/app/controllers/omniauth_callbacks_controller.rb
+++ b/app/controllers/omniauth_callbacks_controller.rb
@@ -2,7 +2,7 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
   include AuthenticatesWithTwoFactor
   include Devise::Controllers::Rememberable
 
-  protect_from_forgery except: [:kerberos, :saml, :cas3]
+  protect_from_forgery except: [:kerberos, :saml, :cas3], prepend: true
 
   def handle_omniauth
     omniauth_flow(Gitlab::Auth::OAuth)
author	blackst0ne <blackst0ne.ru@gmail.com>	2018-06-21 21:44:31 +1100
committer	blackst0ne <blackst0ne.ru@gmail.com>	2018-06-21 21:44:31 +1100
commit	6fef87f17fa6fde7c15668faa43b563eebc0a918 (patch)
tree	d7d03db4922dba9e04df4e1fcf86660296322b84 /app/controllers/omniauth_callbacks_controller.rb
parent	e40aa397700f997b320d9e6299ab3b15b75c77a8 (diff)
download	gitlab-ce-6fef87f17fa6fde7c15668faa43b563eebc0a918.tar.gz