DGNum/demarches-normaliennes
15
1
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

Merge pull request #6325 from betagouv/improve-csrf-logging-again

Browse source 
Erreurs ActionController::InvalidAuthenticityToken : lorsqu'il n'y a pas de cookies, la page d'erreur par défaut est affichée (#6325)
This commit is contained in:
Pierre de La Morinerie 2021-07-07 09:38:03 +02:00 committed by GitHub
commit 380d2c5efa
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
app/controllers/application_controller/error_handling.rb
View file

@ -3,20 +3,21 @@ module ApplicationController::ErrorHandling
included do included do
rescue_from ActionController::InvalidAuthenticityToken do rescue_from ActionController::InvalidAuthenticityToken do
if cookies.count == 0 # When some browsers (like Safari) re-open a previously closed tab, they attempts
# When some browsers (like Safari) re-open a previously closed tab, they attempts # to reload the page even if it is a POST request. But in that case, they dont
# to reload the page even if it is a POST request. But in that case, they dont # sends any of the cookies.
# sends any of the cookies. #
# # In that case, dont report this error.
# Ignore this error. if request.cookies.count > 0
render plain: "Les cookies doivent être activés pour utiliser #{APPLICATION_NAME}.", status: 403
else
log_invalid_authenticity_token_error log_invalid_authenticity_token_error
raise # propagate the exception up, to render the default exception page
end end
raise # propagate the exception up, to render the default exception page
end end
end end
private
def log_invalid_authenticity_token_error def log_invalid_authenticity_token_error
Sentry.with_scope do |temp_scope| Sentry.with_scope do |temp_scope|
tags = { tags = {

13
spec/controllers/application_controller/error_handling_spec.rb
View file

@ -33,15 +33,10 @@ RSpec.describe ApplicationController::ErrorHandling, type: :controller do
{} {}
end end
it 'returns a message' do it 'doesnt log the error' do
post :invalid_authenticity_token allow(Sentry).to receive(:capture_message)
post :invalid_authenticity_token rescue nil
expect(response).to have_http_status(403) expect(Sentry).not_to have_received(:capture_message)
expect(response.body).to include('cookies')
end
it 'renders the standard exception page' do
expect { post :invalid_authenticity_token }.not_to raise_error
end end
end end
end end