diff options
author | ThibG <thib@sitedethib.com> | 2019-08-11 22:59:40 +0200 |
---|---|---|
committer | multiple creatures <dev@multiple-creature.party> | 2020-02-20 23:34:23 -0600 |
commit | 49ad6d338197eb8cf6893ea6dd6578a6a1a99295 (patch) | |
tree | 49bcf1b0db9e0839bcb94bd79e72d6d36f1ce300 /app/controllers | |
parent | 892b9a8476ed1007ae5ae499059e958f10ee6ba8 (diff) |
Fix ActivityPub and REST API queries setting cookies and preventing caching (#11539)
Regression from #8657
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/accounts_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/api/base_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/statuses_controller.rb | 2 |
3 files changed, 6 insertions, 0 deletions
diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb index 3dca0a1af..a942ff428 100644 --- a/app/controllers/accounts_controller.rb +++ b/app/controllers/accounts_controller.rb @@ -9,6 +9,8 @@ class AccountsController < ApplicationController before_action :set_cache_headers before_action :set_body_classes + skip_around_action :set_locale, if: -> { request.format == :json } + def show respond_to do |format| format.html do diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb index f5892f96c..ed73a9aa4 100644 --- a/app/controllers/api/base_controller.rb +++ b/app/controllers/api/base_controller.rb @@ -13,6 +13,8 @@ class Api::BaseController < ApplicationController protect_from_forgery with: :null_session + skip_around_action :set_locale + rescue_from ActiveRecord::RecordInvalid, Mastodon::ValidationError do |e| render json: { error: e.to_s }, status: 422 end diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb index 87fdf222e..289fd9863 100644 --- a/app/controllers/statuses_controller.rb +++ b/app/controllers/statuses_controller.rb @@ -20,6 +20,8 @@ class StatusesController < ApplicationController before_action :set_body_classes before_action :set_autoplay, only: :embed + skip_around_action :set_locale, if: -> { request.format == :json } + content_security_policy only: :embed do |p| p.frame_ancestors(false) end |