author | Eugen Rochko <eugen@zeonfederated.com> | 2016-03-21 09:24:29 +0100 |
---|---|---|
committer | Eugen Rochko <eugen@zeonfederated.com> | 2016-03-21 09:24:29 +0100 |
commit | 2ba6537f524dfcdd761edbe72f925c26588b4f0e (patch) | |
tree | 0d7067dee23fc969c4996260a33908f60597a815 /app | |
parent | 68931c1ee813de5acedf0abb5e9277a12fcdb448 (diff) |
Escape PuSH challenge and change subscriptions and salmon APIs to text/plain
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/api/salmon_controller.rb | 1 | ||||
-rw-r--r-- | app/controllers/api/subscriptions_controller.rb | 3 |
2 files changed, 3 insertions, 1 deletions
diff --git a/app/controllers/api/salmon_controller.rb b/app/controllers/api/salmon_controller.rb
index 1df989700..b15aefee9 100644
--- a/app/controllers/api/salmon_controller.rb
+++ b/app/controllers/api/salmon_controller.rb
@@ -1,5 +1,6 @@
 class Api::SalmonController < ApiController
 before_action :set_account
+ respond_to :txt
 def update
 ProcessInteractionService.new.(request.body.read, @account)
diff --git a/app/controllers/api/subscriptions_controller.rb b/app/controllers/api/subscriptions_controller.rb
index 6ae038a36..91b987ce4 100644
--- a/app/controllers/api/subscriptions_controller.rb
+++ b/app/controllers/api/subscriptions_controller.rb
@@ -1,9 +1,10 @@
 class Api::SubscriptionsController < ApiController
 before_action :set_account
+ respond_to :txt
 def show
 if @account.subscription(api_subscription_url(@account.id)).valid?(params['hub.topic'], params['hub.verify_token'])
- render text: params['hub.challenge'], status: 200
+ render text: HTMLEntities.new.encode(params['hub.challenge']), status: 200
 else
 render nothing: true, status: 404
 end |
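Review bot: The reflected `hub.challenge` on the new `render text:` line in `Api::SubscriptionsController#show` may still go out as `text/html`. As far as I know, class-level `respond_to :txt` (added here and in the salmon controller hunk) only constrains `respond_with` and does not set the Content-Type of an explicit render; this should be confirmed against the Rails version in use. Setting the type on the render itself addresses the reflection at the source, for example `render plain: params['hub.challenge'], status: 200` where `plain:` is available, or `render text: params['hub.challenge'], content_type: 'text/plain', status: 200`. Entity-encoding also alters any challenge containing `&`, `<`, `>` or quotes, while the hub expects the challenge echoed back verbatim, so verification could fail for such values. The body of `show` and the class continue past the end of the hunk.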