diff options
author | James Edwards-Jones <jedwardsjones@gitlab.com> | 2019-07-20 16:30:26 +0300 |
---|---|---|
committer | James Edwards-Jones <jedwardsjones@gitlab.com> | 2019-08-22 18:44:09 +0300 |
commit | e00b07b978a9fb4f368f69aab99cfd105ab5b6b3 (patch) | |
tree | 53dedcdf2ae4bf1783c387aa1f34d29a01cebd79 /app/controllers/jwt_controller.rb | |
parent | 9f6ff5dca286b99a960e923efa5a24030de462ec (diff) |
JwtController avoids activating session checks
This used without a session and issues a sessionless token, so we
should avoid causing access checks based on the session.
Diffstat (limited to 'app/controllers/jwt_controller.rb')
-rw-r--r-- | app/controllers/jwt_controller.rb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/app/controllers/jwt_controller.rb b/app/controllers/jwt_controller.rb index 5ecf4f114cf..da39d64c93d 100644 --- a/app/controllers/jwt_controller.rb +++ b/app/controllers/jwt_controller.rb @@ -1,6 +1,7 @@ # frozen_string_literal: true class JwtController < ApplicationController + skip_around_action :set_session_storage skip_before_action :authenticate_user! skip_before_action :verify_authenticity_token before_action :authenticate_project_or_user |