2024-04-29 00:17:15 +02:00
|
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
2021-07-06 12:34:23 +02:00
|
|
|
|
module ApplicationController::ErrorHandling
|
|
|
|
|
extend ActiveSupport::Concern
|
|
|
|
|
|
|
|
|
|
included do
|
|
|
|
|
rescue_from ActionController::InvalidAuthenticityToken do
|
2021-07-06 16:04:52 +02:00
|
|
|
|
# When some browsers (like Safari) re-open a previously closed tab, they attempts
|
|
|
|
|
# to reload the page – even if it is a POST request. But in that case, they don’t
|
2024-03-11 13:25:29 +01:00
|
|
|
|
# sends any of the cookies and we don’t report this error.
|
2021-07-06 16:04:52 +02:00
|
|
|
|
#
|
2024-03-11 13:25:29 +01:00
|
|
|
|
# There are dozens of these "errors" every day,
|
|
|
|
|
# we only log them to detect massive attacks or global errors
|
|
|
|
|
# without having thousands reports.
|
|
|
|
|
if request.cookies.any? && rand(10) == 0
|
2021-07-06 12:34:23 +02:00
|
|
|
|
log_invalid_authenticity_token_error
|
|
|
|
|
end
|
2021-07-06 16:04:52 +02:00
|
|
|
|
|
|
|
|
|
raise # propagate the exception up, to render the default exception page
|
2021-07-06 12:34:23 +02:00
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2021-07-06 16:04:52 +02:00
|
|
|
|
private
|
|
|
|
|
|
2021-07-06 12:34:23 +02:00
|
|
|
|
def log_invalid_authenticity_token_error
|
|
|
|
|
Sentry.with_scope do |temp_scope|
|
|
|
|
|
tags = {
|
|
|
|
|
action: "#{self.class.name}#{action_name}"
|
|
|
|
|
}
|
|
|
|
|
temp_scope.set_tags(tags)
|
|
|
|
|
Sentry.capture_message("ActionController::InvalidAuthenticityToken")
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|