Commit 8f664636 authored by Peter Leitzen's avatar Peter Leitzen

Merge branch 'remove-protect-from-forgery-for-generic-alerts-endpoint' into 'master'

Skip CSRF protection in Generic Alerts Endpoint

See merge request gitlab-org/gitlab!17692
parents 72e1c25a 0f832a56
...@@ -5,6 +5,7 @@ module Projects ...@@ -5,6 +5,7 @@ module Projects
class NotificationsController < Projects::ApplicationController class NotificationsController < Projects::ApplicationController
respond_to :json respond_to :json
skip_before_action :verify_authenticity_token
skip_before_action :project skip_before_action :project
prepend_before_action :repository, :project_without_auth prepend_before_action :repository, :project_without_auth
......
...@@ -10,6 +10,10 @@ describe Projects::Alerting::NotificationsController do ...@@ -10,6 +10,10 @@ describe Projects::Alerting::NotificationsController do
let(:service_response) { ServiceResponse.success } let(:service_response) { ServiceResponse.success }
let(:notify_service) { instance_double(Projects::Alerting::NotifyService, execute: service_response) } let(:notify_service) { instance_double(Projects::Alerting::NotifyService, execute: service_response) }
around do |example|
ForgeryProtection.with_forgery_protection { example.run }
end
before do before do
allow(Projects::Alerting::NotifyService).to receive(:new).and_return(notify_service) allow(Projects::Alerting::NotifyService).to receive(:new).and_return(notify_service)
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment