authorblackst0ne <blackst0ne.ru@gmail.com>2017-06-21 17:52:54 +1100
committerDouwe Maan <douwe@selenight.nl>2017-07-26 11:05:44 +0200
commit8ce8b21f675709c884148d050663b9f2374cdc61 (patch)
tree524480e042ce4ee835a59bec0f3089e401c94913 /lib/gitlab/request_forgery_protection.rb
parent29022350999ab3ddc4518f7a7647939ec2de8e09 (diff)
Refactor CSRF protection
Diffstat (limited to 'lib/gitlab/request_forgery_protection.rb')
-rw-r--r--lib/gitlab/request_forgery_protection.rb23
1 files changed, 23 insertions, 0 deletions
diff --git a/lib/gitlab/request_forgery_protection.rb b/lib/gitlab/request_forgery_protection.rb
new file mode 100644
index 00000000000..071a72a1f8b
--- /dev/null
+++ b/lib/gitlab/request_forgery_protection.rb
@@ -0,0 +1,23 @@
+# A module to check CSRF tokens in requests.
+# It's used in API helpers and OmniAuth.
+# Usage: GitLab::RequestForgeryProtection.call(env)
+
+module GitLab
+ module RequestForgeryProtection
+ class Controller < ActionController::Base
+ protect_from_forgery with: :exception
+
+ def index
+ head :ok
+ end
+ end
+
+ def self.app
+ @app ||= Controller.action(:index)
+ end
+
+ def self.call(env)
+ app.call(env)
+ end
+ end
+end
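Review bot: The contract of `self.call(env)` is undocumented, and a caller can easily misread it. With `protect_from_forgery with: :exception`, a failed check should surface as `ActionController::InvalidAuthenticityToken` raised out of `app.call(env)`, while a passing check returns the Rack response from `head :ok`, so the return value is truthy and says nothing about the token. I would add above `def self.call(env)` a comment such as `# Raises ActionController::InvalidAuthenticityToken on a missing or invalid CSRF token; the return value is a Rack response and must not be used as the result of the check.` The header comment should also state that Rails forgery protection does not verify GET/HEAD requests and is skipped when `allow_forgery_protection` is off, so API and OmniAuth callers know which requests this actually guards. Separately, the file lives under `lib/gitlab/` but declares `module GitLab`; if the rest of the codebase uses the `Gitlab` namespace (not visible here), the constant in the usage comment may not resolve through autoloading, so the casing is worth confirming.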