Do not validate CSRF token in API unless needed

14644d40 · Douwe Maan · 6fe736f2 · 14644d40 · 14644d40
Commit 14644d40 authored 7 years ago by Douwe Maan
--- a/lib/api/api.rb
+++ b/lib/api/api.rb
@@ -48,8 +48,8 @@ module API
    end
  
    before { header['X-Frame-Options'] = 'SAMEORIGIN' }
-    before { Gitlab::I18n.locale = current_user&.preferred_language }
  
+    # The locale is set to the current user's locale when `current_user` is loaded
    after { Gitlab::I18n.use_default_locale }
  
    rescue_from Gitlab::Access::AccessDeniedError do

--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -16,6 +16,8 @@ module API
  
      @current_user = initial_current_user
  
+      Gitlab::I18n.locale = @current_user&.preferred_language
+
      sudo!
  
      @current_user