Merge pull request #10098 from colinux/dont-report-every-invalid-auth-token

Tech: ne remonte plus que 10% des InvalidAuthenticityToken errors
mfo 2024-03-12 09:04:57 +00:00 committed by GitHub
commit a106394e89
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 9 additions and 4 deletions


@ -5,10 +5,12 @@ module ApplicationController::ErrorHandling
rescue_from ActionController::InvalidAuthenticityToken do
# When some browsers (like Safari) re-open a previously closed tab, they attempts
# to reload the page even if it is a POST request. But in that case, they dont
# sends any of the cookies.
# sends any of the cookies and we dont report this error.
#
# In that case, dont report this error.
if request.cookies.count > 0
# There are dozens of these "errors" every day,
# we only log them to detect massive attacks or global errors
# without having thousands reports.
if request.cookies.any? && rand(10) == 0
log_invalid_authenticity_token_error
end
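Review bot: The `rand(10) == 0` gate drops nine of ten CSRF token failures before `log_invalid_authenticity_token_error` runs, so a small burst against one account or endpoint can leave no record at all, and whatever count does reach the error tracker understates the real rate by roughly ten. If that helper is the only trace of these failures (its body is outside the hunk, so this is an assumption), keep a cheap unsampled line for every occurrence, e.g. `Rails.logger.warn("InvalidAuthenticityToken")`, and sample only the tracker report. Naming the rate in a constant, for instance `INVALID_TOKEN_REPORT_ONE_IN = 10` used as `rand(INVALID_TOKEN_REPORT_ONE_IN).zero?`, would also tell whoever reads the dashboard which multiplier to apply. The `rescue_from` block and the enclosing module both extend beyond this hunk.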


@ -16,7 +16,10 @@ RSpec.describe ApplicationController::ErrorHandling, type: :controller do
{ 'some_cookie': true }
end
before { cookies.update(request_cookies) }
before do
cookies.update(request_cookies)
allow(controller).to receive(:rand).and_return(0)
end
it 'logs the error' do
allow(Sentry).to receive(:capture_message)
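Review bot: The `before` block pins `rand` to 0 for every example in this context, so only the reporting branch is exercised and nothing visible here checks that a non-zero draw suppresses the report. A sibling example that stubs `allow(controller).to receive(:rand).and_return(1)` and asserts `expect(Sentry).not_to have_received(:capture_message)` would pin the sampling gate itself, so a later change to the condition cannot silently turn reporting fully on or off. The `it 'logs the error'` example continues past the end of the hunk.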