Merge pull request #6325 from betagouv/improve-csrf-logging-again
Erreurs ActionController::InvalidAuthenticityToken : lorsqu'il n'y a pas de cookies, la page d'erreur par défaut est affichée (#6325)
This commit is contained in:
commit
380d2c5efa
2 changed files with 14 additions and 18 deletions
|
@ -3,20 +3,21 @@ module ApplicationController::ErrorHandling
|
|||
|
||||
included do
|
||||
rescue_from ActionController::InvalidAuthenticityToken do
|
||||
if cookies.count == 0
|
||||
# When some browsers (like Safari) re-open a previously closed tab, they attempts
|
||||
# to reload the page – even if it is a POST request. But in that case, they don’t
|
||||
# sends any of the cookies.
|
||||
#
|
||||
# Ignore this error.
|
||||
render plain: "Les cookies doivent être activés pour utiliser #{APPLICATION_NAME}.", status: 403
|
||||
else
|
||||
# When some browsers (like Safari) re-open a previously closed tab, they attempts
|
||||
# to reload the page – even if it is a POST request. But in that case, they don’t
|
||||
# sends any of the cookies.
|
||||
#
|
||||
# In that case, don’t report this error.
|
||||
if request.cookies.count > 0
|
||||
log_invalid_authenticity_token_error
|
||||
raise # propagate the exception up, to render the default exception page
|
||||
end
|
||||
|
||||
raise # propagate the exception up, to render the default exception page
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def log_invalid_authenticity_token_error
|
||||
Sentry.with_scope do |temp_scope|
|
||||
tags = {
|
||||
|
|
|
@ -33,15 +33,10 @@ RSpec.describe ApplicationController::ErrorHandling, type: :controller do
|
|||
{}
|
||||
end
|
||||
|
||||
it 'returns a message' do
|
||||
post :invalid_authenticity_token
|
||||
|
||||
expect(response).to have_http_status(403)
|
||||
expect(response.body).to include('cookies')
|
||||
end
|
||||
|
||||
it 'renders the standard exception page' do
|
||||
expect { post :invalid_authenticity_token }.not_to raise_error
|
||||
it 'doesn’t log the error' do
|
||||
allow(Sentry).to receive(:capture_message)
|
||||
post :invalid_authenticity_token rescue nil
|
||||
expect(Sentry).not_to have_received(:capture_message)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue