InvalidCrossOriginRequest with any non-existent .js extension file
https://sentry.gitlap.com/gitlab/devgitlaborg/issues/111861/
ActionController::InvalidCrossOriginRequest: Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.
lib/gitlab/i18n.rb:47:in `with_locale'
yield
lib/gitlab/i18n.rb:53:in `with_user_locale'
with_locale(user&.preferred_language, &block)
app/controllers/application_controller.rb:324:in `set_locale'
Gitlab::I18n.with_user_locale(current_user, &block)
lib/gitlab/middleware/multipart.rb:93:in `call'
return @app.call(env) if encoded_message.blank?
lib/gitlab/request_profiler/middleware.rb:14:in `call'
@app.call(env)
...
(122 additional frame(s) were not displayed)
ActionController::InvalidCrossOriginRequest: Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.
ex.
http://localhost:3000/help/ci/blahblahblah.js
http://localhost:3000/gitlab-org/gitlab-ce/issues/32/awfeafewfaewf.js
https://dev.gitlab.org/help/ci/examples/blahblah.js
Edited by Eric Eastwood