diff options
| author | Claire <claire.github-309c@sitedethib.com> | 2022-04-06 20:57:18 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-04-06 20:57:18 +0200 |
| commit | 62c6e12fa58adea57954e395d10d0ffc2c0cd73c (patch) | |
| tree | 179128043d1c9908dbbce2e10dad97d06a2903e9 /app/controllers/api/v1/admin/accounts_controller.rb | |
| parent | d116cb7733bb535bb72207b20fba9a7d0da371ed (diff) | |
Fix admin API unconditionally requiring CSRF token (#17975)
Fixes #17898 Since #17204, the admin API has only been available through the web application because of the unconditional requirement to provide a valid CSRF token. This commit changes it back to `null_session`, which should make it work both with session-based authentication (provided a CSRF token) and with a bearer token.
Diffstat (limited to 'app/controllers/api/v1/admin/accounts_controller.rb')
| -rw-r--r-- | app/controllers/api/v1/admin/accounts_controller.rb | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/app/controllers/api/v1/admin/accounts_controller.rb b/app/controllers/api/v1/admin/accounts_controller.rb index 4b6dab208..dc9d3402f 100644 --- a/app/controllers/api/v1/admin/accounts_controller.rb +++ b/app/controllers/api/v1/admin/accounts_controller.rb @@ -1,8 +1,6 @@ # frozen_string_literal: true class Api::V1::Admin::AccountsController < Api::BaseController - protect_from_forgery with: :exception - include Authorization include AccountableConcern |