diff options
author | ThibG <thib@sitedethib.com> | 2019-08-11 22:59:40 +0200 |
---|---|---|
committer | Eugen Rochko <eugen@zeonfederated.com> | 2019-08-11 22:59:40 +0200 |
commit | 646f96d4486499416c9a369ad8886e09e453462c (patch) | |
tree | b9bd8a489576ff9ff3ac45441369d997c43ebf55 | |
parent | aebefc7ce9cff913c4f04bb94ebda428e755ecad (diff) |
Fix ActivityPub and REST API queries setting cookies and preventing caching (#11539)
Regression from #8657
-rw-r--r-- | app/controllers/accounts_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/api/base_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/statuses_controller.rb | 2 |
3 files changed, 6 insertions, 0 deletions
diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb index 058a00a21..f153b63bb 100644 --- a/app/controllers/accounts_controller.rb +++ b/app/controllers/accounts_controller.rb @@ -9,6 +9,8 @@ class AccountsController < ApplicationController before_action :set_cache_headers before_action :set_body_classes + skip_around_action :set_locale, if: -> { request.format == :json } + def show respond_to do |format| format.html do diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb index 109e38ffa..de8fff30e 100644 --- a/app/controllers/api/base_controller.rb +++ b/app/controllers/api/base_controller.rb @@ -14,6 +14,8 @@ class Api::BaseController < ApplicationController protect_from_forgery with: :null_session + skip_around_action :set_locale + rescue_from ActiveRecord::RecordInvalid, Mastodon::ValidationError do |e| render json: { error: e.to_s }, status: 422 end diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb index 0693125ab..83131f484 100644 --- a/app/controllers/statuses_controller.rb +++ b/app/controllers/statuses_controller.rb @@ -18,6 +18,8 @@ class StatusesController < ApplicationController before_action :set_body_classes before_action :set_autoplay, only: :embed + skip_around_action :set_locale, if: -> { request.format == :json } + content_security_policy only: :embed do |p| p.frame_ancestors(false) end |