Suppress CSRF token warnings (#6240)
CSRF token checking was enabled for API controllers in #6223, producing "Can't verify CSRF token authenticity" log spam. This disables logging of failed CSRF checks. This also changes the protection strategy for PushSubscriptionsController to use exceptions, making it consistent with other controllers that use sessions.
This commit is contained in:
parent
2091ae92be
commit
537d2939b1
|
@ -4,6 +4,7 @@ class Api::Web::PushSubscriptionsController < Api::BaseController
|
||||||
respond_to :json
|
respond_to :json
|
||||||
|
|
||||||
before_action :require_user!
|
before_action :require_user!
|
||||||
|
protect_from_forgery with: :exception
|
||||||
|
|
||||||
def create
|
def create
|
||||||
params.require(:subscription).require(:endpoint)
|
params.require(:subscription).require(:endpoint)
|
||||||
|
|
3
config/initializers/suppress_csrf_warnings.rb
Normal file
3
config/initializers/suppress_csrf_warnings.rb
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
|
ActionController::Base.log_warning_on_csrf_failure = false
|
Loading…
Reference in a new issue