Add log messages to clarify log messages about API CSRF token verification failure

Douwe Maan requested to merge dm-api-csrf-token-verification into master

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/35705

Unfortunately, it doesn't seem possible to get rid of the "Started", "Processing" and "Completed" lines entirely.

With this change, the log now looks like this:

Started POST "/api/v4/users" for 127.0.0.1 at 2017-07-28 15:40:26 +0200
Processing by Gitlab::RequestForgeryProtection::Controller#index as */*
Can't verify CSRF token authenticity
This CSRF token verification failure is handled internally by `GitLab::RequestForgeryProtection`
Unlike the logs may suggest, this does not result in an actual 422 response to the user
For API requests, the only effect is that `current_user` will be `nil` for the duration of the request
Completed 422 Unprocessable Entity in 1ms (ActiveRecord: 0.0ms)

/cc @stanhu @ayufan

Edited by Douwe Maan