# frozen_string_literal: true module Gitlab module RequestForgeryProtectionPatch private # Patch to generate 6.0.3 tokens so that we do not have CSRF errors while # rolling out 6.0.3.1. This enables GitLab to have a mix of 6.0.3 and # 6.0.3.1 Rails servers # # 1. Deploy this patch with :global_csrf_token FF disabled. # 2. Once all Rails servers are on 6.0.3.1, enable :global_csrf_token FF. # 3. On GitLab 13.2, remove this patch def masked_authenticity_token(session, form_options: {}) action, method = form_options.values_at(:action, :method) raw_token = if per_form_csrf_tokens && action && method action_path = normalize_action_path(action) per_form_csrf_token(session, action_path, method) else if Feature.enabled?(:global_csrf_token) global_csrf_token(session) else real_csrf_token(session) end end mask_token(raw_token) end end end ActionController::Base.include Gitlab::RequestForgeryProtectionPatch