BigW Consortium Gitlab

Commit dcf4a2e8 by Douwe Maan

Rescue only from ActionController::InvalidAuthenticityToken

parent 5a1f3df3
......@@ -336,9 +336,9 @@ module API
env['warden']
end
# Check if CSRF tokens are valid.
# Check if the request is GET/HEAD, or if CSRF token is valid.
def verified_request?
Gitlab::RequestForgeryProtection.call(env) rescue false
Gitlab::RequestForgeryProtection.verified?(env)
end
# Check the Rails session for valid authentication details
......
......@@ -19,5 +19,13 @@ module Gitlab
def self.call(env)
app.call(env)
end
def self.verified?(env)
call(env)
true
rescue ActionController::InvalidAuthenticityToken
false
end
end
end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment