Commit graph

5 commits

Author SHA1 Message Date
Colin Darie
1eb0bdb4ae
chore: cookies with "secure" flag (only transmitted through https) 2024-07-03 11:18:16 +02:00
Colin Darie
00d023184d
chore(sentry): don't report every InvalidAuthenticityToken 2024-03-11 17:06:38 +01:00
Pierre de La Morinerie
831672391e app: use a long-lived cookie for CSRF token
See the ADR document for rationale.
2021-07-20 11:11:52 +02:00
Pierre de La Morinerie
37c62ac0a3 app: display standard error page when no cookies are present
This occurs mostly when Safari attempts to perform a POST request
again (without sending any of the cookies).

In that case, our custom `422.html` page is more helpful to the user
(because it has a link to the previous page) than a "No cookies" blank
text.
2021-07-06 16:29:22 +02:00
Pierre de La Morinerie
09933454ff app: improve InvalidAuthenticityToken logging
- Log on all controllers
- Improve description of the controller action involved
- Ignore Safari bogus requests
2021-07-06 12:42:01 +02:00