author | blackst0ne <blackst0ne.ru@gmail.com> | 2017-06-21 17:52:54 +1100 |
---|---|---|
committer | Douwe Maan <douwe@selenight.nl> | 2017-07-26 11:05:44 +0200 |
commit | 8ce8b21f675709c884148d050663b9f2374cdc61 (patch) | |
tree | 524480e042ce4ee835a59bec0f3089e401c94913 /lib/gitlab/request_forgery_protection.rb | |
parent | 29022350999ab3ddc4518f7a7647939ec2de8e09 (diff) | |
download | gitlab-ce-8ce8b21f675709c884148d050663b9f2374cdc61.tar.gz |
Refactor CSRF protection
Diffstat (limited to 'lib/gitlab/request_forgery_protection.rb')
-rw-r--r-- | lib/gitlab/request_forgery_protection.rb | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/lib/gitlab/request_forgery_protection.rb b/lib/gitlab/request_forgery_protection.rb
new file mode 100644
index 00000000000..071a72a1f8b
--- /dev/null
+++ b/lib/gitlab/request_forgery_protection.rb
@@ -0,0 +1,23 @@
+# A module to check CSRF tokens in requests.
+# It's used in API helpers and OmniAuth.
+# Usage: GitLab::RequestForgeryProtection.call(env)
+
+module GitLab
+ module RequestForgeryProtection
+ class Controller < ActionController::Base
+ protect_from_forgery with: :exception
+
+ def index
+ head :ok
+ end
+ end
+
+ def self.app
+ @app ||= Controller.action(:index)
+ end
+
+ def self.call(env)
+ app.call(env)
+ end
+ end
+end |
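Review bot: The header comment does not say how `self.call(env)` reports a failed check: with `protect_from_forgery with: :exception` the only failure signal is a raised `ActionController::InvalidAuthenticityToken`, so every caller in the API helpers and OmniAuth has to rescue it explicitly or the request is handled by whatever catches exceptions further up that Rack stack. I would add to the header `# Raises ActionController::InvalidAuthenticityToken when the token is missing or invalid.` and also note there that Rails skips verification for GET and HEAD requests and when `allow_forgery_protection` is disabled, so a normal return from `call` is not proof that a token was checked. Separately, the module is declared as `GitLab` while the file lives under `lib/gitlab/`; if autoloading resolves that path to `Gitlab`, the constant in the usage comment will not load, which is worth confirming against the rest of the codebase.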