diff options
author | Douwe Maan <douwe@gitlab.com> | 2016-09-28 17:44:11 +0300 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2016-09-28 17:44:11 +0300 |
commit | a4cddd81f1b4bd56ca99b49ce947a5e381322125 (patch) | |
tree | b23ff985661ca4f745c801d2f3e901422297b75e /app/controllers | |
parent | 8e887c7efc8bd2a4fb4b1fb881c9d30b05023932 (diff) | |
parent | af5e54f9ce4f491ccf605c7c74c137785da743a4 (diff) |
Merge branch '22435-no-api-state-change-via-rails-session' into 'security'
API: disable rails session auth for non-GET/HEAD requests
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/22435
See merge request !1999
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/projects/labels_controller.rb | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/app/controllers/projects/labels_controller.rb b/app/controllers/projects/labels_controller.rb index 28fa4a5b141..a6626df4826 100644 --- a/app/controllers/projects/labels_controller.rb +++ b/app/controllers/projects/labels_controller.rb @@ -30,9 +30,15 @@ class Projects::LabelsController < Projects::ApplicationController @label = @project.labels.create(label_params) if @label.valid? - redirect_to namespace_project_labels_path(@project.namespace, @project) + respond_to do |format| + format.html { redirect_to namespace_project_labels_path(@project.namespace, @project) } + format.json { render json: @label } + end else - render 'new' + respond_to do |format| + format.html { render 'new' } + format.json { render json: { message: @label.errors.messages }, status: 400 } + end end end |