module ApplicationController::ErrorHandling
  extend ActiveSupport::Concern

  included do
    rescue_from ActionController::InvalidAuthenticityToken do
      # When some browsers (like Safari) re-open a previously closed tab, they attempts
      # to reload the page – even if it is a POST request. But in that case, they don’t
      # sends any of the cookies and we don’t report this error.
      #
      # There are dozens of these "errors" every day,
      # we only log them to detect massive attacks or global errors
      # without having thousands reports.
      if request.cookies.any? && rand(10) == 0
        log_invalid_authenticity_token_error
      end

      raise # propagate the exception up, to render the default exception page
    end
  end

  private

  def log_invalid_authenticity_token_error
    Sentry.with_scope do |temp_scope|
      tags = {
        action: "#{self.class.name}#{action_name}"
      }
      temp_scope.set_tags(tags)
      Sentry.capture_message("ActionController::InvalidAuthenticityToken")
    end
  end
end