diff options
| author | Claire <claire.github-309c@sitedethib.com> | 2022-04-06 20:57:18 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-04-06 20:57:18 +0200 |
| commit | 62c6e12fa58adea57954e395d10d0ffc2c0cd73c (patch) | |
| tree | 179128043d1c9908dbbce2e10dad97d06a2903e9 /app/controllers/api/v1/admin/trends | |
| parent | d116cb7733bb535bb72207b20fba9a7d0da371ed (diff) | |
Fix admin API unconditionally requiring CSRF token (#17975)
Fixes #17898 Since #17204, the admin API has only been available through the web application because of the unconditional requirement to provide a valid CSRF token. This commit changes it back to `null_session`, which should make it work both with session-based authentication (provided a CSRF token) and with a bearer token.
Diffstat (limited to 'app/controllers/api/v1/admin/trends')
3 files changed, 0 insertions, 6 deletions
diff --git a/app/controllers/api/v1/admin/trends/links_controller.rb b/app/controllers/api/v1/admin/trends/links_controller.rb index 63b3d9358..0a191fe4b 100644 --- a/app/controllers/api/v1/admin/trends/links_controller.rb +++ b/app/controllers/api/v1/admin/trends/links_controller.rb @@ -1,8 +1,6 @@ # frozen_string_literal: true class Api::V1::Admin::Trends::LinksController < Api::BaseController - protect_from_forgery with: :exception - before_action -> { authorize_if_got_token! :'admin:read' } before_action :require_staff! before_action :set_links diff --git a/app/controllers/api/v1/admin/trends/statuses_controller.rb b/app/controllers/api/v1/admin/trends/statuses_controller.rb index 86633cc74..cb145f165 100644 --- a/app/controllers/api/v1/admin/trends/statuses_controller.rb +++ b/app/controllers/api/v1/admin/trends/statuses_controller.rb @@ -1,8 +1,6 @@ # frozen_string_literal: true class Api::V1::Admin::Trends::StatusesController < Api::BaseController - protect_from_forgery with: :exception - before_action -> { authorize_if_got_token! :'admin:read' } before_action :require_staff! before_action :set_statuses diff --git a/app/controllers/api/v1/admin/trends/tags_controller.rb b/app/controllers/api/v1/admin/trends/tags_controller.rb index 5cc4c269d..9c28b0412 100644 --- a/app/controllers/api/v1/admin/trends/tags_controller.rb +++ b/app/controllers/api/v1/admin/trends/tags_controller.rb @@ -1,8 +1,6 @@ # frozen_string_literal: true class Api::V1::Admin::Trends::TagsController < Api::BaseController - protect_from_forgery with: :exception - before_action -> { authorize_if_got_token! :'admin:read' } before_action :require_staff! before_action :set_tags |