From 27be15ce7a57b4061886368033416bf289184fc0 Mon Sep 17 00:00:00 2001 From: evazion Date: Mon, 26 Aug 2019 20:24:20 -0500 Subject: [PATCH] related tags: disable csrf protection for update action. This fixes InvalidAuthenticityToken errors caused by Reportbooru trying to use this endpoint to update related tags. Reportbooru uses a secret key to authenticate rather than using apikey-based authentication, which makes it fail the CSRF protection. --- app/controllers/related_tags_controller.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/app/controllers/related_tags_controller.rb b/app/controllers/related_tags_controller.rb index 99669017e..bbd170940 100644 --- a/app/controllers/related_tags_controller.rb +++ b/app/controllers/related_tags_controller.rb @@ -1,6 +1,7 @@ class RelatedTagsController < ApplicationController respond_to :json, :xml, :js, :html, except: [:update] before_action :require_reportbooru_key, only: [:update] + skip_forgery_protection only: [:update] def show @query = RelatedTagQuery.new(query: params[:query], category: params[:category], user: CurrentUser.user)