demarches-normaliennes/app/controllers/application_controller/error_handling.rb


# frozen_string_literal: true
# Controller concern that samples CSRF-token failures into Sentry without
# changing how the failure itself is handled.
module ApplicationController::ErrorHandling
  extend ActiveSupport::Concern

  included do
    rescue_from ActionController::InvalidAuthenticityToken do
      # Some browsers (Safari, for instance) replay the original request when a
      # closed tab is re-opened, even if it was a POST. That replay carries no
      # cookies, so a request without cookies is treated as this benign case
      # and is never reported.
      #
      # Dozens of these failures happen every day. Only about one in ten of the
      # remaining ones is reported: enough to notice a large-scale attack or a
      # site-wide breakage, without producing thousands of reports.
      #
      # NOTE(review): both filters reduce visibility. Failures that arrive
      # without cookies are invisible in Sentry, and the count of reported
      # events is roughly a tenth of the real count.
      log_invalid_authenticity_token_error if request.cookies.any? && rand(10).zero?

      # Re-raise the exception being handled so the default exception page is
      # rendered; the request is rejected whether or not it was reported.
      raise
    end
  end

  private

  # Sends an "ActionController::InvalidAuthenticityToken" message to Sentry,
  # tagged with the controller class name and the current action.
  #
  # NOTE(review): the two parts of the tag are joined without a separator, so
  # the value reads like "SomeControlleraction" - confirm this is intended
  # before relying on it for filtering.
  def log_invalid_authenticity_token_error
    Sentry.with_scope do |scope|
      # Tags set here apply to the scope yielded by with_scope.
      scope.set_tags({ action: "#{self.class.name}#{action_name}" })
      Sentry.capture_message("ActionController::InvalidAuthenticityToken")
    end
  end
end