From 14644d40e0852403ba71435bf3a949af00a7d569 Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@selenight.nl>
Date: Wed, 2 Aug 2017 18:20:31 +0200
Subject: [PATCH] Do not validate CSRF token in API unless needed

---
 lib/api/api.rb     | 2 +-
 lib/api/helpers.rb | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/api/api.rb b/lib/api/api.rb
index 045a0db1842..ad278b251c7 100644
--- a/lib/api/api.rb
+++ b/lib/api/api.rb
@@ -48,8 +48,8 @@ module API
     end
 
     before { header['X-Frame-Options'] = 'SAMEORIGIN' }
-    before { Gitlab::I18n.locale = current_user&.preferred_language }
 
+    # The locale is set to the current user's locale when `current_user` is loaded
     after { Gitlab::I18n.use_default_locale }
 
     rescue_from Gitlab::Access::AccessDeniedError do
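Review bot: With the `before` filter removed, nothing in this hunk resolves the user eagerly, so any credential checking done as a side effect of loading the user now runs only on endpoints that ask for the user. That matches the subject (no CSRF validation unless needed). However, if user lookup is also what rejects expired or revoked tokens, which is not visible here, a public endpoint would now serve a request carrying a bad token instead of refusing it; a request spec for that case would pin the intended behaviour. The new comment could also say where and why, e.g. `# Locale is set in lib/api/helpers.rb when the user is first loaded; a before filter here would force authentication on every request`. The enclosing class body starts and ends outside the hunk.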
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 234825480f2..99b8b62691f 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -16,6 +16,8 @@ module API
 
       @current_user = initial_current_user
 
+      Gitlab::I18n.locale = @current_user&.preferred_language
+
       sudo!
 
       @current_user
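Review bot: The locale is assigned from `@current_user` before `sudo!` runs, so if `sudo!` replaces `@current_user` with the impersonated user, the request keeps the original caller's language. The body of `sudo!` is outside the hunk, but the method returns `@current_user` afterwards, which suggests it may reassign it. The removed `before` filter read the value through `current_user`, which presumably reflected the result after sudo. If the caller's language is intended, record that with a comment such as `# Use the authenticating user's language, not the sudo target's`; otherwise move the assignment below `sudo!`. The method starts and ends outside the hunk.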
-- 
GitLab