Merge pull request #10098 from colinux/dont-report-every-invalid-auth-token
Tech: ne remonte plus que 10% des InvalidAuthenticityToken errors
commit
a106394e89
2 changed files with 9 additions and 4 deletions
|
@ -5,10 +5,12 @@ module ApplicationController::ErrorHandling
|
|||
rescue_from ActionController::InvalidAuthenticityToken do
|
||||
# When some browsers (like Safari) re-open a previously closed tab, they attempts
|
||||
# to reload the page – even if it is a POST request. But in that case, they don’t
|
||||
# sends any of the cookies.
|
||||
# sends any of the cookies and we don’t report this error.
|
||||
#
|
||||
# In that case, don’t report this error.
|
||||
if request.cookies.count > 0
|
||||
# There are dozens of these "errors" every day,
|
||||
# we only log them to detect massive attacks or global errors
|
||||
# without having thousands reports.
|
||||
if request.cookies.any? && rand(10) == 0
|
||||
log_invalid_authenticity_token_error
|
||||
end
|
||||
|
||||
|
|
|
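Review bot: The new condition `request.cookies.any? && rand(10) == 0` drops about nine in ten CSRF token failures before anything is reported, so a short burst against a few sessions can leave no trace, and report counts can no longer be read as occurrence counts. Consider recording every occurrence cheaply and sampling only the report, for instance `Rails.logger.warn("InvalidAuthenticityToken (cookies present)")` ahead of the `if`, unless the standard Rails CSRF warning line is already collected and alerted on. The rate would also read better as a named constant than a bare `10`, e.g. `rand(INVALID_AUTH_TOKEN_SAMPLE_RATE).zero?` (constant name is only a suggestion). What `log_invalid_authenticity_token_error` sends is not visible in this hunk; if it feeds an error tracker, attaching the sample rate to the event would let alert thresholds be scaled correctly.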
@ -16,7 +16,10 @@ RSpec.describe ApplicationController::ErrorHandling, type: :controller do
|
|||
{ 'some_cookie': true }
|
||||
end
|
||||
|
||||
before { cookies.update(request_cookies) }
|
||||
before do
|
||||
cookies.update(request_cookies)
|
||||
allow(controller).to receive(:rand).and_return(0)
|
||||
end
|
||||
|
||||
it 'logs the error' do
|
||||
allow(Sentry).to receive(:capture_message)
|
||||
|
|
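Review bot: Stubbing `rand` to return 0 in the `before` block pins only the reported branch, so nothing in this hunk checks that a non-zero draw suppresses the report; the sampling could be removed or inverted without the spec noticing. A sibling context with `allow(controller).to receive(:rand).and_return(1)` and `expect(Sentry).not_to have_received(:capture_message)` would cover it, assuming the report goes through `Sentry.capture_message` as the existing example suggests. The `it 'logs the error'` example continues past the end of the hunk, so its assertions are not visible here.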