author | Phil Hughes <me@iamphill.com> | 2016-10-12 12:00:49 +0300 |
---|---|---|
committer | Phil Hughes <me@iamphill.com> | 2016-10-12 12:00:49 +0300 |
commit | e5eab3bd000908dff4e03b9c19e88689071c81b5 (patch) | |
tree | 32e85ed38d1546db4a7fd2760bae626981e24b12 /lib/api/helpers.rb | |
parent | 533a6fa765ad09368b42d29536c549d68ba7b8d1 (diff) | |
parent | d3a9838065ab4cd4d1519f6d201b43c9a2b12f2c (diff) |
Merge branch 'master' into all-filter-toggleall-filter-toggle
Diffstat (limited to 'lib/api/helpers.rb')
-rw-r--r-- | lib/api/helpers.rb | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 714d4ea3dc6..67473f300c9 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -21,8 +21,11 @@ module API
 end
 
 # Check the Rails session for valid authentication details
+ #
+ # Until CSRF protection is added to the API, disallow this method for
+ # state-changing endpoints
 def find_user_from_warden
- warden ? warden.authenticate : nil
+ warden.try(:authenticate) if %w[GET HEAD].include?(env['REQUEST_METHOD'])
 end
 
 def find_user_by_private_token
@@ -430,7 +433,7 @@ module API
 end
 
 def secret_token
- File.read(Gitlab.config.gitlab_shell.secret_file).chomp
+ Gitlab::Shell.secret_token
 end
 
 def send_git_blob(repository, blob)
|
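Review bot: The guard added to `find_user_from_warden` tests the HTTP verb, while the new comment promises that session authentication is off for state-changing endpoints; the two agree only if no GET or HEAD route in the API has side effects, and nothing in this hunk enforces or records that. I would state the invariant in the comment, e.g. `# Session (cookie) authentication is honoured for GET and HEAD only; routes under these verbs must stay free of side effects.`, and name the list once as `SAFE_REQUEST_METHODS = %w[GET HEAD].freeze` so the check reads `SAFE_REQUEST_METHODS.include?(env['REQUEST_METHOD'])` and does not allocate an array per request. A request spec asserting that a POST carrying only a session cookie is treated as unauthenticated would keep the restriction from regressing; the diff shown is limited to this file, so such a spec may already exist elsewhere in the commit.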