diff options
author | blackst0ne <blackst0ne.ru@gmail.com> | 2018-06-21 13:44:31 +0300 |
---|---|---|
committer | blackst0ne <blackst0ne.ru@gmail.com> | 2018-06-21 13:44:31 +0300 |
commit | 6fef87f17fa6fde7c15668faa43b563eebc0a918 (patch) | |
tree | d7d03db4922dba9e04df4e1fcf86660296322b84 /lib/gitlab/request_forgery_protection.rb | |
parent | e40aa397700f997b320d9e6299ab3b15b75c77a8 (diff) |
[Rails5] Force the `protect_from_forgery` callback run first
Since Rails 5.0 the `protect_from_forgery` callback doesn't run first by
default anymore. [1]
Instead it gets inserted into callbacks chain where callbacks get
called in order.
This commit forces the callback to run first.
[1]: https://github.com/rails/rails/commit/39794037817703575c35a75f1961b01b83791191
Diffstat (limited to 'lib/gitlab/request_forgery_protection.rb')
-rw-r--r-- | lib/gitlab/request_forgery_protection.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/gitlab/request_forgery_protection.rb b/lib/gitlab/request_forgery_protection.rb index ccfe0d6bed3..a502ad8a541 100644 --- a/lib/gitlab/request_forgery_protection.rb +++ b/lib/gitlab/request_forgery_protection.rb @@ -5,7 +5,7 @@ module Gitlab module RequestForgeryProtection class Controller < ActionController::Base - protect_from_forgery with: :exception + protect_from_forgery with: :exception, prepend: true rescue_from ActionController::InvalidAuthenticityToken do |e| logger.warn "This CSRF token verification failure is handled internally by `GitLab::RequestForgeryProtection`" |