diff options
Diffstat (limited to 'app/controllers/application_controller.rb')
-rw-r--r-- | app/controllers/application_controller.rb | 18 |
1 files changed, 2 insertions, 16 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 3af1afab06e..d3ecbdcc1f6 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -23,6 +23,7 @@ class ApplicationController < ActionController::Base include Gitlab::Utils::StrongMemoize include ::Gitlab::EndpointAttributes include FlocOptOut + include CheckRateLimit before_action :authenticate_user!, except: [:route_not_found] before_action :enforce_terms!, if: :should_enforce_terms? @@ -66,10 +67,6 @@ class ApplicationController < ActionController::Base :manifest_import_enabled?, :phabricator_import_enabled?, :masked_page_url - # Adds `no-store` to the DEFAULT_CACHE_CONTROL, to prevent security - # concerns due to caching private data. - DEFAULT_GITLAB_CACHE_CONTROL = "#{ActionDispatch::Http::Cache::Response::DEFAULT_CACHE_CONTROL}, no-store" - def self.endpoint_id_for_action(action_name) "#{self.name}##{action_name}" end @@ -283,10 +280,7 @@ class ApplicationController < ActionController::Base end def default_cache_headers - if current_user - headers['Cache-Control'] = default_cache_control - headers['Pragma'] = 'no-cache' # HTTP 1.0 compatibility - end + headers['Pragma'] = 'no-cache' # HTTP 1.0 compatibility end def stream_csv_headers(csv_filename) @@ -297,14 +291,6 @@ class ApplicationController < ActionController::Base headers['Content-Disposition'] = "attachment; filename=\"#{csv_filename}\"" end - def default_cache_control - if request.xhr? - ActionDispatch::Http::Cache::Response::DEFAULT_CACHE_CONTROL - else - DEFAULT_GITLAB_CACHE_CONTROL - end - end - def validate_user_service_ticket! return unless signed_in? && session[:service_tickets] |