author | Steffen van Bergerem <svbergerem@online.de> | 2016-09-03 01:11:28 +0300 |
---|---|---|
committer | Dennis Schubert <mail@dennis-schubert.de> | 2016-09-04 04:26:42 +0300 |
commit | c3de77e0fc2e53b01458de390218d7dcddf8835f (patch) | |
tree | 90930c7f42d31cbbc5e26c3835db06ffc3fcf8fe /app/controllers | |
parent | 6ad9000f8c16f6758c39b59412a4b6978910d690 (diff) |
Send notification mails on CSRF fails
closes #7050
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/application_controller.rb | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 12e30346b..bc79acdb2 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -8,7 +8,11 @@ class ApplicationController < ActionController::Base
 protect_from_forgery except: :receive, with: :exception
 rescue_from ActionController::InvalidAuthenticityToken do
- sign_out current_user
+ if user_signed_in?
+ logger.warn "#{current_user.diaspora_handle} CSRF token fail. referer: #{request.referer || 'empty'}"
+ Workers::Mail::CsrfTokenFail.perform_async(current_user.id)
+ sign_out current_user
+ end
 flash[:error] = I18n.t("error_messages.csrf_token_fail")
 redirect_to new_user_session_path format: request[:format]
 end |
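Review bot: The added `logger.warn` line in the `rescue_from` block writes `request.referer` into the log verbatim, and that header is set by whoever issued the failing request, so its length and content are not under the application's control. Bounding and escaping it keeps one request from producing an oversized or misleading log entry, for example `logger.warn "#{current_user.diaspora_handle} CSRF token fail. referer: #{request.referer.to_s[0, 255].inspect}"` (this prints `""` instead of `empty` when the header is absent). The order of the next two lines matters and deserves a comment such as `# queue the mail before sign_out: current_user is nil afterwards`. What the mail contains is decided in `Workers::Mail::CsrfTokenFail`, which is not visible here; if it repeats the referer, the same escaping should apply there.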