mastofe

My custom branch(es) on git.pleroma.social/pleroma/mastofe
commit: 537d2939b10df9121e5a9f13a9d66c568ff681bf
parent: 2091ae92be5d04cd4dadb2200c507ce8d8d2623e
Author: Patrick Figel <patrick@figel.email>
Date:   Mon, 15 Jan 2018 06:51:23 +0100

Suppress CSRF token warnings (#6240)

CSRF token checking was enabled for API controllers in #6223,
producing "Can't verify CSRF token authenticity" log spam. This
disables logging of failed CSRF checks.

This also changes the protection strategy for
PushSubscriptionsController to use exceptions, making it consistent
with other controllers that use sessions.

Diffstat:

M app/controllers/api/web/push_subscriptions_controller.rb | 1 +
A config/initializers/suppress_csrf_warnings.rb | 3 +++
2 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/app/controllers/api/web/push_subscriptions_controller.rb b/app/controllers/api/web/push_subscriptions_controller.rb @@ -4,6 +4,7 @@ class Api::Web::PushSubscriptionsController < Api::BaseController respond_to :json before_action :require_user! + protect_from_forgery with: :exception def create params.require(:subscription).require(:endpoint) diff --git a/config/initializers/suppress_csrf_warnings.rb b/config/initializers/suppress_csrf_warnings.rb @@ -0,0 +1,3 @@ +# frozen_string_literal: true + +ActionController::Base.log_warning_on_csrf_failure = false
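Review bot: In app/controllers/api/web/push_subscriptions_controller.rb, `protect_from_forgery with: :exception` raises ActionController::InvalidAuthenticityToken on a failed check, and nothing in this hunk shows that exception being rescued. The controller declares `respond_to :json`, so please confirm that Api::BaseController turns it into a JSON error response rather than the framework's default error handling. The line is also declared after `before_action :require_user!`, so the token check runs after the authentication callback. If the forgery check is meant to run first, declare it above that line or pass `prepend: true`. A one-line comment saying this controller is session-backed, as the commit message explains, would make the override self-documenting.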
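Review bot: In config/initializers/suppress_csrf_warnings.rb, `ActionController::Base.log_warning_on_csrf_failure = false` is set on ActionController::Base, so it silences the warning for every controller in the application, not only the API controllers that produce the noise described in the commit message. That removes the log signal for failed token checks on any controller whose strategy does not raise. Consider adding a comment in the file that states why the warning is disabled and which controllers still surface failures as exceptions, so that anyone reviewing logs for forged requests knows where to look.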