Prepend `protect_from_forgery` in the sessionscontroller (!13049) · Merge requests · GitLab.org / GitLab FOSS

Bob Van Landuyt requested to merge bvl-fix-login-issue-with-ldap-enabled into master Jul 24, 2017

Make sure protect_from_forgery is done before authentication. Otherwise it might cause the authentication to fail when the token is reset during auth.

Closes #35447 (closed)

Edited Jul 25, 2017 by Bob Van Landuyt

Prepend `protect_from_forgery` in the sessionscontroller

Merge request reports