Do not validate CSRF token in API unless needed

14644d40 · Douwe Maan · 6fe736f2 · 14644d40 · 14644d40
隐藏空白更改
内联并排

Showing with 3 addition and 1 deletion

lib/api/api.rb lib/api/api.rb +1 -1

lib/api/helpers.rb lib/api/helpers.rb +2 -0

未找到文件。
--- a/lib/api/api.rb
+++ b/lib/api/api.rb
@@ -48,8 +48,8 @@ module API
    end
    before { header['X-Frame-Options'] = 'SAMEORIGIN' }
-    before { Gitlab::I18n.locale = current_user&.preferred_language }
+    # The locale is set to the current user's locale when `current_user` is loaded
    after { Gitlab::I18n.use_default_locale }
    rescue_from Gitlab::Access::AccessDeniedError do

--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -16,6 +16,8 @@ module API
      @current_user = initial_current_user
+      Gitlab::I18n.locale = @current_user&.preferred_language
      sudo!
      @current_user