]> cat aescling's git repositories - mastodon.git/commit
Fix admin API unconditionally requiring CSRF token (#17975)
author Claire <claire.github-309c@sitedethib.com>
Wed, 6 Apr 2022 18:57:18 +0000 (20:57 +0200)
committer GitHub <noreply@github.com>
Wed, 6 Apr 2022 18:57:18 +0000 (20:57 +0200)
commit 62c6e12fa58adea57954e395d10d0ffc2c0cd73c
tree 179128043d1c9908dbbce2e10dad97d06a2903e9
parent d116cb7733bb535bb72207b20fba9a7d0da371ed

Fixes #17898

Since #17204, the admin API has only been available through the web
application because of the unconditional requirement to provide a valid CSRF
token.

This commit changes it back to `null_session`, which should make it work
both with session-based authentication (provided a CSRF token) and with a
bearer token.

app/controllers/api/v1/admin/account_actions_controller.rb
app/controllers/api/v1/admin/accounts_controller.rb
app/controllers/api/v1/admin/dimensions_controller.rb
app/controllers/api/v1/admin/measures_controller.rb
app/controllers/api/v1/admin/reports_controller.rb
app/controllers/api/v1/admin/retention_controller.rb
app/controllers/api/v1/admin/trends/links_controller.rb
app/controllers/api/v1/admin/trends/statuses_controller.rb
app/controllers/api/v1/admin/trends/tags_controller.rb
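
The difference the commit message describes, as an added Ruby sketch (not Mastodon's or Rails' code): a strategy that rejects every request lacking a valid CSRF token, modelled on Rails' `:exception`, next to `:null_session`, which lets the request proceed with an empty session. The `Request` struct, the token values and the helper names are constructed for this illustration, and the use of `:exception` for the earlier behaviour is an assumption.

```ruby
# Simplified model of Rails-style forgery protection. Added illustration only:
# not Mastodon's or Rails' code; every name and value here is constructed.
require "openssl"

Request = Struct.new(:verb, :session, :csrf_token, :bearer, keyword_init: true)
class InvalidAuthenticityToken < StandardError; end

BEARER_TOKENS = { "constructed-admin-token" => "admin-via-bearer" }.freeze
COOKIE_SESSION = { user: "admin-via-cookie", csrf_token: "constructed-csrf" }.freeze

# A state-changing request is verified only if it echoes the session's CSRF token.
def verified_request?(req)
  return true if %w[GET HEAD].include?(req.verb)
  expected = req.session[:csrf_token]
  return false if expected.nil? || req.csrf_token.nil?
  OpenSSL.secure_compare(expected, req.csrf_token)
end

# :exception    -> unverified requests are rejected outright
# :null_session -> unverified requests proceed, but with an empty session
def handle(req, strategy)
  session = req.session
  unless verified_request?(req)
    raise InvalidAuthenticityToken if strategy == :exception
    session = {} # cookie-derived identity is ignored for this request
  end
  user = BEARER_TOKENS[req.bearer] || session[:user]
  user ? [200, user] : [401, nil]
end

def status_for(req, strategy)
  handle(req, strategy).first
rescue InvalidAuthenticityToken
  422 # Rails renders InvalidAuthenticityToken as 422
end

API_CLIENT = Request.new(verb: "POST", session: {}, bearer: "constructed-admin-token")
WEB_UI     = Request.new(verb: "POST", session: COOKIE_SESSION, csrf_token: "constructed-csrf")
NO_TOKEN   = Request.new(verb: "POST", session: COOKIE_SESSION) # cookie only, no CSRF token

if __FILE__ == $PROGRAM_NAME
  [API_CLIENT, WEB_UI, NO_TOKEN].each do |req|
    puts %i[exception null_session].map { |s| "#{s}=#{status_for(req, s)}" }.join(" ")
  end
end
```

Under the strict strategy the bearer-token client is turned away before authentication is even attempted; under `:null_session` it succeeds, while a cookie-only request without a CSRF token loses its session and ends up unauthenticated.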