Large number of CSRF 422 errors with build trace API
On dev, I am seeing a flood of 422 CSRF errors:
{"method":"PATCH","path":"/api/v4/jobs/1296409/trace","format":"html","controller":"Gitlab::RequestForgeryProtection::Controller","action":"index","status":422,"error":"ActionController::InvalidAuthenticityToken: ActionController::InvalidAuthenticityToken","duration":1.03,"view":0.0,"db":0.0,"time":"2017-07-28T12:51:22.909Z","params":{}}
{"method":"PATCH","path":"/api/v4/jobs/1296269/trace","format":"html","controller":"Gitlab::RequestForgeryProtection::Controller","action":"index","status":422,"error":"ActionController::InvalidAuthenticityToken: ActionController::InvalidAuthenticityToken","duration":0.88,"view":0.0,"db":0.0,"time":"2017-07-28T12:51:22.916Z","params":{}}
{"method":"PATCH","path":"/api/v4/jobs/1296383/trace","format":"html","controller":"Gitlab::RequestForgeryProtection::Controller","action":"index","status":422,"error":"ActionController::InvalidAuthenticityToken: ActionController::InvalidAuthenticityToken","duration":1.38,"view":0.0,"db":0.0,"time":"2017-07-28T12:51:22.917Z","params":{}}
{"method":"PATCH","path":"/api/v4/jobs/1296157/trace","format":"html","controller":"Gitlab::RequestForgeryProtection::Controller","action":"index","status":422,"error":"ActionController::InvalidAuthenticityToken: ActionController::InvalidAuthenticityToken","duration":1.12,"view":0.0,"db":0.0,"time":"2017-07-28T12:51:22.919Z","params":{}}
{"method":"PATCH","path":"/api/v4/jobs/1296187/trace","format":"html","controller":"Gitlab::RequestForgeryProtection::Controller","action":"index","status":422,"error":"ActionController::InvalidAuthenticityToken: ActionController::InvalidAuthenticityToken","duration":0.93,"view":0.0,"db":0.0,"time":"2017-07-28T12:51:22.941Z","params":{}}
{"method":"PATCH","path":"/api/v4/jobs/1296757/trace","format":"html","controller":"Gitlab::RequestForgeryProtection::Controller","action":"index","status":422,"error":"ActionController::InvalidAuthenticityToken: ActionController::InvalidAuthenticityToken","duration":1.1,"view":0.0,"db":0.0,"time":"2017-07-28T12:51:22.968Z","params":{}}
{"method":"PATCH","path":"/api/v4/jobs/1296161/trace","format":"html","controller":"Gitlab::RequestForgeryProtection::Controller","action":"index","status":422,"error":"ActionController::InvalidAuthenticityToken: ActionController::InvalidAuthenticityToken","duration":0.97,"view":0.0,"db":0.0,"time":"2017-07-28T12:51:22.997Z","params":{}}
{"method":"PATCH","path":"/api/v4/jobs/1296265/trace","format":"html","controller":"Gitlab::RequestForgeryProtection::Controller","action":"index","status":422,"error":"ActionController::InvalidAuthenticityToken: ActionController::InvalidAuthenticityToken","duration":0.94,"view":0.0,"db":0.0,"time":"2017-07-28T12:51:22.997Z","params":{}}
I'm not sure if this has to do with !12154 (merged), but it's a guess.
Edited by Stan Hu