Merge branch '33601-add-csrf-token-verification-to-api' into 'master'

Resolve "Add CSRF token verification to API" Closes #33601 See merge request !12154
author: Sean McGivern <sean@mcgivern.me.uk> 2017-07-27 13:20:52 +0300
committer: Sean McGivern <sean@mcgivern.me.uk> 2017-07-27 13:20:52 +0300
commit: ef50875d3aa27a8e7bcc3296f911da4710be0585 (patch)
tree: 6b3522c20239dc319719203372464a0aa88fd9cb /config/initializers
parent: 2850efcdd51909a5a92f844e7b8940ed0190d234 (diff)
parent: bfe8b96874c66c54e2e4c1a66a520087b217e9e7 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
index f7fa6d1c2de..a36e59c941a 100644
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -16,7 +16,7 @@ OmniAuth.config.allowed_request_methods = [:post]
 # In case of auto sign-in, the GET method is used (users don't get to click on a button)
 OmniAuth.config.allowed_request_methods << :get if Gitlab.config.omniauth.auto_sign_in_with_provider.present?
 OmniAuth.config.before_request_phase do |env|
-  OmniAuth::RequestForgeryProtection.call(env)
+  Gitlab::RequestForgeryProtection.call(env)
 end
 
 if Gitlab.config.omniauth.enabled
author	Sean McGivern <sean@mcgivern.me.uk>	2017-07-27 13:20:52 +0300
committer	Sean McGivern <sean@mcgivern.me.uk>	2017-07-27 13:20:52 +0300
commit	ef50875d3aa27a8e7bcc3296f911da4710be0585 (patch)
tree	6b3522c20239dc319719203372464a0aa88fd9cb /config/initializers
parent	2850efcdd51909a5a92f844e7b8940ed0190d234 (diff)
parent	bfe8b96874c66c54e2e4c1a66a520087b217e9e7 (diff)