application_controller.rb.patch

ActionController::UnknownFormat & CSRF - Pavel Rosický, 2017-08-17 01:26



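--- a/application_controller.rb
+++ b/application_controller.rb
@@ -55,6 +55,8 @@
 
   rescue_from ::Unauthorized, :with => :deny_access
   rescue_from ::ActionView::MissingTemplate, :with => :missing_template
+  rescue_from ::ActionController::UnknownFormat, :with => :unknown_format
+  rescue_from ::ActionController::InvalidCrossOriginRequest, :with => :csrf_error
 
   include Redmine::Search::Controller
   include Redmine::MenuManager::MenuController
@@ -508,6 +510,23 @@
     render_404
   end
 
+  def unknown_format(exception)
+    if Rails.application.config.consider_all_requests_local
+      raise exception
+    else
+      head 406
+    end
+  end
+
+  def csrf_error(exception)
+    if Rails.application.config.consider_all_requests_local
+      raise exception
+    else
+      self.response_body = nil
+      head 400
+    end
+  end
+
   # Filter for actions that provide an API response
   # but have no HTML representation for non admin users
   def require_admin_or_api_request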
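Review bot: `csrf_error` discards the blocked request without leaving any application-level trace, so in production a cross-origin script-inclusion attempt shows up only as a bare 400; a line such as `logger.warn "Blocked cross-origin JavaScript request: #{request.path}"` before `head 400` would give operators something to alert on. The `self.response_body = nil` line also deserves a comment. As far as I can tell, Rails raises InvalidCrossOriginRequest from an after-action check, once the JavaScript body has already been rendered, so the body has to be cleared both to avoid a double render and so the script is not returned to the other origin, e.g. `# raised after rendering: drop the already-built JS body before replying`. The name `csrf_error` is also slightly misleading, since the handler is wired only to InvalidCrossOriginRequest and not to a failed authenticity-token check.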