diff options
| -rw-r--r-- | app/controllers/api/web/push_subscriptions_controller.rb | 1 | ||||
| -rw-r--r-- | config/initializers/suppress_csrf_warnings.rb | 3 |
2 files changed, 4 insertions, 0 deletions
diff --git a/app/controllers/api/web/push_subscriptions_controller.rb b/app/controllers/api/web/push_subscriptions_controller.rb index 52e250d02..68ccbd5e2 100644 --- a/app/controllers/api/web/push_subscriptions_controller.rb +++ b/app/controllers/api/web/push_subscriptions_controller.rb @@ -4,6 +4,7 @@ class Api::Web::PushSubscriptionsController < Api::BaseController respond_to :json before_action :require_user! + protect_from_forgery with: :exception def create params.require(:subscription).require(:endpoint) diff --git a/config/initializers/suppress_csrf_warnings.rb b/config/initializers/suppress_csrf_warnings.rb new file mode 100644 index 000000000..410ab585b --- /dev/null +++ b/config/initializers/suppress_csrf_warnings.rb @@ -0,0 +1,3 @@ +# frozen_string_literal: true + +ActionController::Base.log_warning_on_csrf_failure = false |