debian-mirror-gitlab/lib/gitlab/request_forgery_protection.rb

# frozen_string_literal: true

# A module to check CSRF tokens in requests.
# It's used in API helpers and OmniAuth.
# Usage: GitLab::RequestForgeryProtection.call(env)

module Gitlab
  module RequestForgeryProtection
    class Controller < ActionController::Base
      protect_from_forgery with: :exception, prepend: true

      def index
        head :ok
      end
    end

    def self.app
      @app ||= Controller.action(:index)
    end

    def self.call(env)
      app.call(env)
    end

    def self.verified?(env)
      call(env)

      true
    rescue ActionController::InvalidAuthenticityToken
      false
    end
  end
end
New upstream version 11.5.3+dfsg 2018-12-13 13:39:08 +05:30			`# frozen_string_literal: true`

New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`# A module to check CSRF tokens in requests.`
			`# It's used in API helpers and OmniAuth.`
			`# Usage: GitLab::RequestForgeryProtection.call(env)`

			`module Gitlab`
			`module RequestForgeryProtection`
			`class Controller < ActionController::Base`
New upstream version 11.1.8+dfsg 2018-11-08 19:23:39 +05:30			`protect_from_forgery with: :exception, prepend: true`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30
			`def index`
			`head :ok`
			`end`
			`end`

			`def self.app`
			`@app \|\|= Controller.action(:index)`
			`end`

			`def self.call(env)`
			`app.call(env)`
			`end`

			`def self.verified?(env)`
			`call(env)`

			`true`
			`rescue ActionController::InvalidAuthenticityToken`
			`false`
			`end`
			`end`
			`end`