diff options
author | Patrick Figel <patrick@figel.email> | 2018-01-15 06:51:23 +0100 |
---|---|---|
committer | Eugen Rochko <eugen@zeonfederated.com> | 2018-01-15 06:51:23 +0100 |
commit | 537d2939b10df9121e5a9f13a9d66c568ff681bf (patch) | |
tree | 8e4dcb8a4566497534ad0bd81b12c318bd760bcb /config | |
parent | 2091ae92be5d04cd4dadb2200c507ce8d8d2623e (diff) |
Suppress CSRF token warnings (#6240)
CSRF token checking was enabled for API controllers in #6223, producing "Can't verify CSRF token authenticity" log spam. This disables logging of failed CSRF checks. This also changes the protection strategy for PushSubscriptionsController to use exceptions, making it consistent with other controllers that use sessions.
Diffstat (limited to 'config')
-rw-r--r-- | config/initializers/suppress_csrf_warnings.rb | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/config/initializers/suppress_csrf_warnings.rb b/config/initializers/suppress_csrf_warnings.rb new file mode 100644 index 000000000..410ab585b --- /dev/null +++ b/config/initializers/suppress_csrf_warnings.rb @@ -0,0 +1,3 @@ +# frozen_string_literal: true + +ActionController::Base.log_warning_on_csrf_failure = false |