asonix/mastodon
1
1
Fork 1
Code Issues Pull requests Projects Releases Wiki Activity
mastodon/app/controllers
History
Claire 62c6e12fa5
Fix admin API unconditionally requiring CSRF token (#17975) 
Fixes #17898

Since #17204, the admin API has only been available through the web
application because of the unconditional requirement to provide a valid CSRF
token.

This commit changes it back to `null_session`, which should make it work
both with session-based authentication (provided a CSRF token) and with a
bearer token.
2022-04-06 20:57:18 +02:00
..
activitypub Fix locale not being set in REST API (#17847) 2022-03-22 12:29:04 +01:00
admin
api Fix admin API unconditionally requiring CSRF token (#17975) 2022-04-06 20:57:18 +02:00
auth Allow login through OpenID Connect (#16221) 2022-03-09 12:07:35 +01:00
concerns
disputes
oauth
settings
well_known
about_controller.rb
account_follow_controller.rb
account_unfollow_controller.rb
accounts_controller.rb
application_controller.rb
authorize_interactions_controller.rb
custom_css_controller.rb
directories_controller.rb
emojis_controller.rb
filters_controller.rb
follower_accounts_controller.rb
following_accounts_controller.rb
health_controller.rb
home_controller.rb
instance_actors_controller.rb
intents_controller.rb
invites_controller.rb
manifests_controller.rb
media_controller.rb
media_proxy_controller.rb
public_timelines_controller.rb
relationships_controller.rb
remote_follow_controller.rb
remote_interaction_controller.rb
shares_controller.rb
statuses_cleanup_controller.rb
statuses_controller.rb
tags_controller.rb