From 14644d40e0852403ba71435bf3a949af00a7d569 Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@selenight.nl>
Date: Wed, 2 Aug 2017 18:20:31 +0200
Subject: Do not validate CSRF token in API unless needed

---
 lib/api/api.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/api/api.rb')

diff --git a/lib/api/api.rb b/lib/api/api.rb
index 045a0db1842..ad278b251c7 100644
--- a/lib/api/api.rb
+++ b/lib/api/api.rb
@@ -48,8 +48,8 @@ module API
     end
 
     before { header['X-Frame-Options'] = 'SAMEORIGIN' }
-    before { Gitlab::I18n.locale = current_user&.preferred_language }
 
+    # The locale is set to the current user's locale when `current_user` is loaded
     after { Gitlab::I18n.use_default_locale }
 
     rescue_from Gitlab::Access::AccessDeniedError do
-- 
cgit v1.2.1