Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-02-21 15:09:05 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-02-21 15:09:05 +0000
commit: cf6a3e7ed4cb10a3e9fcbda810601387afc8b8d6 (patch)
tree: bda3707e95a53cb225793fded61d5073950b0b68 /app/controllers/sessions_controller.rb
parent: 2a040e2655fe0a99df61ad0a7bd0c27e68af0c38 (diff)
download: gitlab-ce-cf6a3e7ed4cb10a3e9fcbda810601387afc8b8d6.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index c29e9d3843b..e2dd2d77a30 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -39,7 +39,7 @@ class SessionsController < Devise::SessionsController
   # would cause the CSRF token to be cleared and then
   # RequestForgeryProtection#verify_authenticity_token would fail because of
   # token mismatch.
-  protect_from_forgery with: :exception, prepend: true
+  protect_from_forgery with: :exception, prepend: true, except: :destroy
 
   CAPTCHA_HEADER = 'X-GitLab-Show-Login-Captcha'
   MAX_FAILED_LOGIN_ATTEMPTS = 5
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-02-21 15:09:05 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-02-21 15:09:05 +0000
commit	cf6a3e7ed4cb10a3e9fcbda810601387afc8b8d6 (patch)
tree	bda3707e95a53cb225793fded61d5073950b0b68 /app/controllers/sessions_controller.rb
parent	2a040e2655fe0a99df61ad0a7bd0c27e68af0c38 (diff)
download	gitlab-ce-cf6a3e7ed4cb10a3e9fcbda810601387afc8b8d6.tar.gz