Fix admin API unconditionally requiring CSRF token (#17975) - mastodon.git - Yuuta's fork of Mastodon. Pulled from upstream periodically. On v4.0.2.

diff options

author	Claire <claire.github-309c@sitedethib.com>	2022-04-06 20:57:18 +0200
committer	GitHub <noreply@github.com>	2022-04-06 20:57:18 +0200
commit	62c6e12fa58adea57954e395d10d0ffc2c0cd73c (patch)
tree	179128043d1c9908dbbce2e10dad97d06a2903e9 /app/controllers/api/oembed_controller.rb
parent	d116cb7733bb535bb72207b20fba9a7d0da371ed (diff)
download	mastodon-62c6e12fa58adea57954e395d10d0ffc2c0cd73c.tar mastodon-62c6e12fa58adea57954e395d10d0ffc2c0cd73c.tar.gz mastodon-62c6e12fa58adea57954e395d10d0ffc2c0cd73c.tar.bz2 mastodon-62c6e12fa58adea57954e395d10d0ffc2c0cd73c.zip

Fix admin API unconditionally requiring CSRF token (#17975)

Fixes #17898 Since #17204, the admin API has only been available through the web application because of the unconditional requirement to provide a valid CSRF token. This commit changes it back to `null_session`, which should make it work both with session-based authentication (provided a CSRF token) and with a bearer token.

Diffstat (limited to 'app/controllers/api/oembed_controller.rb')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: