From 8c41aa5a73e25cce524881567f120400e3008524 Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Tue, 19 Dec 2023 09:40:18 +0100 Subject: [PATCH] Disable Sentry context for render_protected_upload In this action, we are not using a regular cookie/user to authenticate. However, we have a special token, that is JWT-based. Since it has the same name as the login token sent via email, we previously searched the database for it as part of configuring the Sentry context. This is now avoided. --- app/controllers/code_ocean/files_controller.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/app/controllers/code_ocean/files_controller.rb b/app/controllers/code_ocean/files_controller.rb index 96ddfbf4..69151722 100644 --- a/app/controllers/code_ocean/files_controller.rb +++ b/app/controllers/code_ocean/files_controller.rb @@ -9,6 +9,7 @@ module CodeOcean content_security_policy false, only: :render_protected_upload skip_before_action :deny_access_from_render_host, only: :render_protected_upload skip_before_action :verify_authenticity_token, only: :render_protected_upload + skip_before_action :set_sentry_context, only: :render_protected_upload before_action :require_user!, except: :render_protected_upload # In case the .realpath cannot resolve a file (for example because it is no longer available)