
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'config/initializers/actionpack_generate_old_csrf_token.rb')
-rw-r--r--config/initializers/actionpack_generate_old_csrf_token.rb33
1 files changed, 33 insertions, 0 deletions
diff --git a/config/initializers/actionpack_generate_old_csrf_token.rb b/config/initializers/actionpack_generate_old_csrf_token.rb
new file mode 100644
index 00000000000..6367a1d4d59
--- /dev/null
+++ b/config/initializers/actionpack_generate_old_csrf_token.rb
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module Gitlab
+ module RequestForgeryProtectionPatch
+ private
+
+ # Patch to generate 6.0.3 tokens so that we do not have CSRF errors while
+ # rolling out 6.0.3.1. This enables GitLab to have a mix of 6.0.3 and
+ # 6.0.3.1 Rails servers
+ #
+ # 1. Deploy this patch with :global_csrf_token FF disabled.
+ # 2. Once all Rails servers are on 6.0.3.1, enable :global_csrf_token FF.
+ # 3. On GitLab 13.2, remove this patch
+ def masked_authenticity_token(session, form_options: {})
+ action, method = form_options.values_at(:action, :method)
+
+ raw_token = if per_form_csrf_tokens && action && method
+ action_path = normalize_action_path(action)
+ per_form_csrf_token(session, action_path, method)
+ else
+ if Feature.enabled?(:global_csrf_token)
+ global_csrf_token(session)
+ else
+ real_csrf_token(session)
+ end
+ end
+
+ mask_token(raw_token)
+ end
+ end
+end
+
+ActionController::Base.include Gitlab::RequestForgeryProtectionPatch
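Review bot: The override of `masked_authenticity_token` is a copy of a private Rails method with nothing tying it to the Rails release it was copied from, so a later Rails upgrade would keep running this copy instead of the upstream logic, and the 13.2 removal named in the comment is not enforced anywhere. While `:global_csrf_token` is off, the inner `else` branch keeps masking `real_csrf_token(session)`, i.e. the 6.0.3 token format; if the flag defaults to disabled, installations where nobody performs step 2 would presumably stay on that format until the patch is removed, which is worth stating in the comment. A guard ahead of the final `include` line would make the temporary nature explicit, for example `raise 'Remove Gitlab::RequestForgeryProtectionPatch' unless Rails.gem_version == Gem::Version.new('6.0.3.1')` (exact version to be confirmed against the Gemfile). The patch also depends on `include` placing the module ahead of the Rails module in the ancestor chain; `prepend` would keep working even if the method were ever defined on `ActionController::Base` itself.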