Suppress CSRF token warnings (#6240)

CSRF token checking was enabled for API controllers in #6223, producing "Can't verify CSRF token authenticity" log spam. This disables logging of failed CSRF checks. This also changes the protection strategy for PushSubscriptionsController to use exceptions, making it consistent with other controllers that use sessions.
author: Patrick Figel <patrick@figel.email> 2018-01-15 06:51:23 +0100
committer: Eugen Rochko <eugen@zeonfederated.com> 2018-01-15 06:51:23 +0100
commit: 537d2939b10df9121e5a9f13a9d66c568ff681bf (patch)
tree: 8e4dcb8a4566497534ad0bd81b12c318bd760bcb /config/initializers/suppress_csrf_warnings.rb
parent: 2091ae92be5d04cd4dadb2200c507ce8d8d2623e (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/config/initializers/suppress_csrf_warnings.rb b/config/initializers/suppress_csrf_warnings.rb
new file mode 100644
index 000000000..410ab585b
--- /dev/null
+++ b/config/initializers/suppress_csrf_warnings.rb
@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+ActionController::Base.log_warning_on_csrf_failure = false
author	Patrick Figel <patrick@figel.email>	2018-01-15 06:51:23 +0100
committer	Eugen Rochko <eugen@zeonfederated.com>	2018-01-15 06:51:23 +0100
commit	537d2939b10df9121e5a9f13a9d66c568ff681bf (patch)
tree	8e4dcb8a4566497534ad0bd81b12c318bd760bcb /config/initializers/suppress_csrf_warnings.rb
parent	2091ae92be5d04cd4dadb2200c507ce8d8d2623e (diff)