Suppress CSRF token warnings (#6240)

CSRF token checking was enabled for API controllers in #6223,
producing "Can't verify CSRF token authenticity" log spam. This
disables logging of failed CSRF checks.

This also changes the protection strategy for
PushSubscriptionsController to use exceptions, making it consistent
with other controllers that use sessions.
master
Patrick Figel 7 years ago committed by Eugen Rochko
parent 2091ae92be
commit 537d2939b1
  1. 1
      app/controllers/api/web/push_subscriptions_controller.rb
  2. 3
      config/initializers/suppress_csrf_warnings.rb

@ -4,6 +4,7 @@ class Api::Web::PushSubscriptionsController < Api::BaseController
respond_to :json respond_to :json
before_action :require_user! before_action :require_user!
protect_from_forgery with: :exception
def create def create
params.require(:subscription).require(:endpoint) params.require(:subscription).require(:endpoint)

@ -0,0 +1,3 @@
# frozen_string_literal: true
ActionController::Base.log_warning_on_csrf_failure = false
Loading…
Cancel
Save