Commit 540c2cdd authored by Sean McGivern's avatar Sean McGivern

Remove logging for Gitlab::RequestForgeryProtection::Controller

This controller never actually processes a user request. It's used
internally to check CSRF tokens.

However, because it is a controller, 'requests' to it will show up in
unstructured logs. We added this log message to clarify that any 429s
weren't real requests, but simply internal usage.

When we added this log message, structured logs wouldn't emit a plain
message like this. Now that we have more comprehensive structured logs,
and recommend them going forward, they will emit these messages, which
can cause a lot of log spam. That log spam is exacerbated by enabling
Rack Attack, because the throttles we use will indirectly use this dummy
controller and so every single request can log these three lines.

As such, this log message probably isn't needed any more, as it's doing
more harm than good.
parent a67ac807
......@@ -9,14 +9,6 @@ module Gitlab
class Controller < ActionController::Base
protect_from_forgery with: :exception, prepend: true
rescue_from ActionController::InvalidAuthenticityToken do |e|
logger.warn "This CSRF token verification failure is handled internally by `GitLab::RequestForgeryProtection`"
logger.warn "Unlike the logs may suggest, this does not result in an actual 422 response to the user"
logger.warn "For API requests, the only effect is that `current_user` will be `nil` for the duration of the request"
raise e
end
def index
head :ok
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment