diff options
author | Sean McGivern <sean@mcgivern.me.uk> | 2017-07-27 10:20:52 +0000 |
---|---|---|
committer | Sean McGivern <sean@mcgivern.me.uk> | 2017-07-27 10:20:52 +0000 |
commit | ef50875d3aa27a8e7bcc3296f911da4710be0585 (patch) | |
tree | 6b3522c20239dc319719203372464a0aa88fd9cb /config | |
parent | 2850efcdd51909a5a92f844e7b8940ed0190d234 (diff) | |
parent | bfe8b96874c66c54e2e4c1a66a520087b217e9e7 (diff) | |
download | gitlab-ce-ef50875d3aa27a8e7bcc3296f911da4710be0585.tar.gz |
Merge branch '33601-add-csrf-token-verification-to-api' into 'master'
Resolve "Add CSRF token verification to API"
Closes #33601
See merge request !12154
Diffstat (limited to 'config')
-rw-r--r-- | config/initializers/omniauth.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb index f7fa6d1c2de..a36e59c941a 100644 --- a/config/initializers/omniauth.rb +++ b/config/initializers/omniauth.rb @@ -16,7 +16,7 @@ OmniAuth.config.allowed_request_methods = [:post] # In case of auto sign-in, the GET method is used (users don't get to click on a button) OmniAuth.config.allowed_request_methods << :get if Gitlab.config.omniauth.auto_sign_in_with_provider.present? OmniAuth.config.before_request_phase do |env| - OmniAuth::RequestForgeryProtection.call(env) + Gitlab::RequestForgeryProtection.call(env) end if Gitlab.config.omniauth.enabled |