cat aescling's git repositories - mastodon.git/commit

]> cat aescling's git repositories - mastodon.git/commit

cat aescling's git repositories / mastodon.git / commit

author	Claire <claire.github-309c@sitedethib.com>
	Wed, 6 Apr 2022 18:57:18 +0000 (20:57 +0200)
committer	GitHub <noreply@github.com>
	Wed, 6 Apr 2022 18:57:18 +0000 (20:57 +0200)
commit	62c6e12fa58adea57954e395d10d0ffc2c0cd73c
tree	179128043d1c9908dbbce2e10dad97d06a2903e9	tree \| snapshot
parent	d116cb7733bb535bb72207b20fba9a7d0da371ed	commit \| diff

Fix admin API unconditionally requiring CSRF token (#17975)

Fixes #17898

Since #17204, the admin API has only been available through the web
application because of the unconditional requirement to provide a valid CSRF
token.

This commit changes it back to `null_session`, which should make it work
both with session-based authentication (provided a CSRF token) and with a
bearer token.

source code fur Kibicat Mastodon

RSS Atom

app/controllers/api/v1/admin/account_actions_controller.rb		diff \| blob \| history
app/controllers/api/v1/admin/accounts_controller.rb		diff \| blob \| history
app/controllers/api/v1/admin/dimensions_controller.rb		diff \| blob \| history
app/controllers/api/v1/admin/measures_controller.rb		diff \| blob \| history
app/controllers/api/v1/admin/reports_controller.rb		diff \| blob \| history
app/controllers/api/v1/admin/retention_controller.rb		diff \| blob \| history
app/controllers/api/v1/admin/trends/links_controller.rb		diff \| blob \| history
app/controllers/api/v1/admin/trends/statuses_controller.rb		diff \| blob \| history
app/controllers/api/v1/admin/trends/tags_controller.rb		diff \| blob \| history