diff options
| author | Patrick Figel <patrick@figel.email> | 2018-01-15 06:51:23 +0100 |
|---|---|---|
| committer | Eugen Rochko <eugen@zeonfederated.com> | 2018-01-15 06:51:23 +0100 |
| commit | 537d2939b10df9121e5a9f13a9d66c568ff681bf (patch) | |
| tree | 8e4dcb8a4566497534ad0bd81b12c318bd760bcb /app/controllers/api | |
| parent | 2091ae92be5d04cd4dadb2200c507ce8d8d2623e (diff) | |
| download | mastodon-537d2939b10df9121e5a9f13a9d66c568ff681bf.tar mastodon-537d2939b10df9121e5a9f13a9d66c568ff681bf.tar.gz mastodon-537d2939b10df9121e5a9f13a9d66c568ff681bf.tar.bz2 mastodon-537d2939b10df9121e5a9f13a9d66c568ff681bf.zip | |
Suppress CSRF token warnings (#6240)
CSRF token checking was enabled for API controllers in #6223,
producing "Can't verify CSRF token authenticity" log spam. This
disables logging of failed CSRF checks.
This also changes the protection strategy for
PushSubscriptionsController to use exceptions, making it consistent
with other controllers that use sessions.
Diffstat (limited to 'app/controllers/api')
| -rw-r--r-- | app/controllers/api/web/push_subscriptions_controller.rb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/app/controllers/api/web/push_subscriptions_controller.rb b/app/controllers/api/web/push_subscriptions_controller.rb index 52e250d02..68ccbd5e2 100644 --- a/app/controllers/api/web/push_subscriptions_controller.rb +++ b/app/controllers/api/web/push_subscriptions_controller.rb @@ -4,6 +4,7 @@ class Api::Web::PushSubscriptionsController < Api::BaseController respond_to :json before_action :require_user! + protect_from_forgery with: :exception def create params.require(:subscription).require(:endpoint) |