Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/lib/gitlab/request_forgery_protection.rb
diff options
context:
space:
mode:
Diffstat (limited to 'lib/gitlab/request_forgery_protection.rb')
-rw-r--r--lib/gitlab/request_forgery_protection.rb4
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/gitlab/request_forgery_protection.rb b/lib/gitlab/request_forgery_protection.rb
index 79562a8223b..a84a6ac2d14 100644
--- a/lib/gitlab/request_forgery_protection.rb
+++ b/lib/gitlab/request_forgery_protection.rb
@@ -23,7 +23,9 @@ module Gitlab
end
def self.verified?(env)
- call(env)
+ minimal_env = env.slice('REQUEST_METHOD', 'rack.session', 'HTTP_X_CSRF_TOKEN')
+ .merge('rack.input' => '')
+ call(minimal_env)
true
rescue ActionController::InvalidAuthenticityToken
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-15 01:32:11 +0300