me/glitchier-soc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Suppress CSRF token warnings (#6240)

Browse source 
CSRF token checking was enabled for API controllers in #6223,
producing "Can't verify CSRF token authenticity" log spam. This
disables logging of failed CSRF checks.

This also changes the protection strategy for
PushSubscriptionsController to use exceptions, making it consistent
with other controllers that use sessions.
This commit is contained in:
Patrick Figel 2018-01-15 06:51:23 +01:00 committed by Eugen Rochko
parent e980900b7d
commit 2a27afc656
2 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
app/controllers/api/web/push_subscriptions_controller.rb
View file

@ -4,6 +4,7 @@ class Api::Web::PushSubscriptionsController < Api::BaseController
respond_to :json respond_to :json
before_action :require_user! before_action :require_user!
protect_from_forgery with: :exception
def create def create
params.require(:subscription).require(:endpoint) params.require(:subscription).require(:endpoint)

3
config/initializers/suppress_csrf_warnings.rb Normal file
View file

@ -0,0 +1,3 @@
# frozen_string_literal: true
ActionController::Base.log_warning_on_csrf_failure = false