evazion 2d34e69737 api: disable csrf protection for api requests. ...

Fixes POST/PUT API requests failing with InvalidAuthenticityToken errors
due to missing CSRF tokens.

CSRF protection is only necessary for cookie-based authentication. For
non-cookie-based authentication we can safely disable it. That is, if
the user is already passing their login + api_key, then we don't need
to additionally verify the request with a CSRF token.

ref: 2e407fa476 (comments)

2019-08-24 22:55:35 -05:00

..

controllers

Implement forum topic voting and tag change pruning (#3580)

2018-04-26 15:31:06 -07:00

factories

Fix #4106: Allow moderators to IP ban subnets.

2019-08-12 02:12:56 -05:00

files

fixes #3960

2018-10-17 15:37:47 -07:00

fixtures

Implement forum topic voting and tag change pruning (#3580)

2018-04-26 15:31:06 -07:00

functional

api: disable csrf protection for api requests.

2019-08-24 22:55:35 -05:00

helpers

Fix #3497: Invalid DText denial of service attack.

2018-01-14 16:14:18 -06:00

jobs

jobs: migrate mass updates to ActiveJob.

2019-08-19 00:46:31 -05:00

mailers/previews

Fix #3846: Subscribed forum posts link to invalid URL in email updates.

2018-08-27 22:04:37 -05:00

models

jobs: migrate file deletion jobs to ActiveJob.

2019-08-16 20:49:35 -05:00

test_helpers

add post count estimates for bulk update requests

2019-01-09 15:54:55 -08:00

unit

Fix #4125: Detect forum and comment spam.

2019-08-23 22:41:47 -05:00

test_helper.rb

tests: fix authentication in controller tests.

2019-08-24 22:55:35 -05:00