diff options
author | Rémy Coutable <remy@rymai.me> | 2019-02-05 20:13:28 +0300 |
---|---|---|
committer | Rémy Coutable <remy@rymai.me> | 2019-02-05 20:13:28 +0300 |
commit | 8b02d58edeab14cfce9af5fdf8bbd9defe7e0c4b (patch) | |
tree | 21e18d6ea6a5821dd5807882bcb054e948ce6f94 /app | |
parent | 22caeb58a49a7ed2ccef7e5191e5a8c3f9ff7d10 (diff) | |
parent | 6548e01f18c24ec8703bb85557d7509dbeace013 (diff) |
Merge branch 'jej/avoid-csrf-check-on-saml-failure' into 'master'
Skip CSRF check on SAML failure endpoint
Closes #56574
See merge request gitlab-org/gitlab-ce!24509
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/omniauth_callbacks_controller.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb index f8e482937d5..97120273d6b 100644 --- a/app/controllers/omniauth_callbacks_controller.rb +++ b/app/controllers/omniauth_callbacks_controller.rb @@ -4,7 +4,7 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController include AuthenticatesWithTwoFactor include Devise::Controllers::Rememberable - protect_from_forgery except: [:kerberos, :saml, :cas3], prepend: true + protect_from_forgery except: [:kerberos, :saml, :cas3, :failure], with: :exception, prepend: true def handle_omniauth omniauth_flow(Gitlab::Auth::OAuth) |