Exclude dummy CSRF controller from logs

Gitlab::RequestForgeryProtection::Controller#index is not actually user-reachable; we use it as a way of testing whether a request contains a valid CSRF token. However, because we put a request through this controller, it gets logged. That means we get confusing log entries for this controller and API paths, which are duplicated - they have the same request ID as the 'actual' request.

Exclude dummy CSRF controller from logs
Gitlab::RequestForgeryProtection::Controller#index is not actually user-reachable; we use it as a way of testing whether a request contains a valid CSRF token. However, because we put a request through this controller, it gets logged. That means we get confusing log entries for this controller and API paths, which are duplicated - they have the same request ID as the 'actual' request.
8c52d47d · Sean McGivern · be8cb784 · 8c52d47d
Commit 8c52d47d authored Jan 24, 2020 by Sean McGivern
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

config/initializers/lograge.rb config/initializers/lograge.rb +4 -0

No files found.
--- a/config/initializers/lograge.rb
+++ b/config/initializers/lograge.rb
@@ -15,6 +15,10 @@ unless Gitlab::Runtime.sidekiq?
      data
    end
+    # This isn't a user-reachable controller; we use it to check for a
+    # valid CSRF token in the API
+    config.lograge.ignore_actions = ['Gitlab::RequestForgeryProtection::Controller#index']
    # Add request parameters to log output
    config.lograge.custom_options = lambda do |event|
      params = event.payload[:params]