Debug CSRF issues temporarily

This commit is contained in:
Sebastian Serth
2021-03-10 13:50:35 +01:00
parent 293f7f6df7
commit a174d75a47
4 changed files with 16 additions and 1 deletions


@ -12,6 +12,11 @@ CodeOceanEditorAJAX = {
$.flash.danger({ $.flash.danger({
text: message.length > 0 ? message : $('#flash').data('message-failure') text: message.length > 0 ? message : $('#flash').data('message-failure')
}); });
Sentry.setContext("error",{
cookie: document.cookie,
response: response.responseText,
csrf: $('meta[name="csrf-token"]').attr("content")
});
Sentry.captureException(JSON.stringify(response)); Sentry.captureException(JSON.stringify(response));
} }
}; };
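Review bot: The context set on L16-L20 ships the full `document.cookie` string to Sentry on every failed AJAX request, and because this same commit drops HttpOnly from the session cookie, that string now includes the session identifier, which is then retained in the error tracker and visible to anyone with project access. The layout template section adds the same `"initial"` context on every page load, so every Sentry event from every page carries the session cookie, not only CSRF failures. For the stated debugging purpose it is enough to record which cookies are present and whether the meta token exists, e.g. `cookie: document.cookie.split(';').map(c => c.trim().split('=')[0])` and `csrf_present: !!$('meta[name="csrf-token"]').attr("content")`; if token values must be compared against the server, log a short prefix or hash rather than the full value. The enclosing `CodeOceanEditorAJAX` object starts outside the hunk.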


@ -10,6 +10,7 @@ class ApplicationController < ActionController::Base
before_action :set_sentry_context, :set_locale, :allow_iframe_requests, :load_embed_options before_action :set_sentry_context, :set_locale, :allow_iframe_requests, :load_embed_options
protect_from_forgery(with: :exception, prepend: true) protect_from_forgery(with: :exception, prepend: true)
rescue_from Pundit::NotAuthorizedError, with: :render_not_authorized rescue_from Pundit::NotAuthorizedError, with: :render_not_authorized
rescue_from ActionController::InvalidAuthenticityToken, with: :render_csrf_error
def current_user def current_user
::NewRelic::Agent.add_custom_attributes(external_user_id: session[:external_user_id], session_user_id: session[:user_id]) ::NewRelic::Agent.add_custom_attributes(external_user_id: session[:external_user_id], session_user_id: session[:user_id])
@ -32,6 +33,11 @@ class ApplicationController < ActionController::Base
end end
private :set_sentry_context private :set_sentry_context
def render_csrf_error
render json: {error: 'CSRF validation failed!!', status: :unprocessable_entity, request_cookies: cookies, session_csrf: session['_csrf_token'], request_csrf: request_authenticity_tokens }, status: :unprocessable_entity
end
private :render_csrf_error
def render_not_authorized def render_not_authorized
respond_to do |format| respond_to do |format|
format.html do format.html do
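Review bot: `render_csrf_error` (L37-L40) returns the whole `cookies` jar and the raw `session['_csrf_token']` in the response body, and since the handler is installed on `ApplicationController` via `rescue_from` (L31) it replaces the default 422 for every controller and every format, so HTML requests that fail the check now receive this JSON as well. The response is the wrong channel for these diagnostics: the server already holds both sides of the comparison, so it can be logged there, e.g. `Rails.logger.warn("CSRF mismatch: cookies=#{request.cookies.keys} session_token_present=#{session['_csrf_token'].present?} request_tokens=#{request_authenticity_tokens.size}")` followed by `render json: {error: 'CSRF validation failed!!'}, status: :unprocessable_entity`. Since the commit title already calls this temporary, a `# TODO: remove, temporary CSRF debugging` comment on the `rescue_from` line would mark both hunks for reverting together. The class body continues outside both hunks.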


@ -27,6 +27,10 @@ html lang="#{I18n.locale || I18n.default_locale}"
| release: "#{Sentry.configuration.release}", | release: "#{Sentry.configuration.release}",
| environment: "#{Sentry.configuration.environment}", | environment: "#{Sentry.configuration.environment}",
| }); | });
| Sentry.setContext("initial",{
| cookie: document.cookie,
| csrf: $('meta[name="csrf-token"]').attr("content")
| });
- if @current_user - if @current_user
| Sentry.configureScope(function(scope) { | Sentry.configureScope(function(scope) {
| scope.setUser({ | scope.setUser({


@ -1,3 +1,3 @@
# Be sure to restart your server when you modify this file. # Be sure to restart your server when you modify this file.
Rails.application.config.session_store :cookie_store, key: '_code_ocean_session' Rails.application.config.session_store :cookie_store, key: '_code_ocean_session', httponly: false
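Review bot: Setting `httponly: false` on the session cookie (L63) removes the browser-side barrier that keeps injected script from reading the session identifier, and it is what lets the `document.cookie` captures added elsewhere in this commit include the session cookie; the debugging goal does not require it, because the server already sees the cookies on every request via `request.cookies`. The option should stay at its default and the client/server comparison be done in the controller; if the cookie must be script-readable for a short time, restrict that to non-production with `httponly: Rails.env.production?` and mark the line `# TODO: revert, temporary CSRF debugging` so it is not forgotten.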