Do not validate CSRF token in API unless needed (!13256) · Merge requests · GitLab.org / GitLab FOSS

Douwe Maan requested to merge dm-api-current-user into master Aug 02, 2017

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/35705

Calling current_user automatically triggers CSRF token validation, and we were calling current_user even in cases where we knew we didn't need it through a before.

/cc @stanhu @ayufan

Admin message

Admin message

Do not validate CSRF token in API unless needed

Merge request reports