chore: Suppress the unnecessary CSRF warning (#2606)

Suppress the unnecessary CSRF warning
Sojan Jose 2021-07-14 18:40:24 +05:30 committed by GitHub
parent dfddf9cacc
commit a5bc81b304
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 11 additions and 9 deletions


@ -3,3 +3,6 @@ sed -i -e '/REDIS_URL/ s/=.*/=redis:\/\/localhost:6379/' .env
sed -i -e '/POSTGRES_HOST/ s/=.*/=localhost/' .env
sed -i -e '/SMTP_ADDRESS/ s/=.*/=localhost/' .env
sed -i -e "/FRONTEND_URL/ s/=.*/=https:\/\/$CODESPACE_NAME-3000.githubpreview.dev/" .env
sed -i -e "/WEBPACKER_DEV_SERVER_PUBLIC/ s/=.*/=https:\/\/$CODESPACE_NAME-3035.githubpreview.dev/" .env
# uncomment the webpacker env variable
sed -i -e '/WEBPACKER_DEV_SERVER_PUBLIC/s/^# //' .env


@ -155,3 +155,5 @@ USE_INBOX_AVATAR_FOR_BOT=true
## Development Only Config
# if you want to use letter_opener for local emails
# LETTER_OPENER=true
# meant to be used in github codespaces
# WEBPACKER_DEV_SERVER_PUBLIC=


@ -7,7 +7,6 @@ class Api::V1::Accounts::ContactsController < Api::V1::Accounts::BaseController
sort_on :last_activity_at, type: :datetime
RESULTS_PER_PAGE = 15
protect_from_forgery with: :null_session
before_action :check_authorization
before_action :set_current_page, only: [:index, :active, :search]


@ -1,5 +1,4 @@
class Api::V1::Accounts::CustomFiltersController < Api::V1::Accounts::BaseController
protect_from_forgery with: :null_session
before_action :fetch_custom_filters, except: [:create]
before_action :fetch_custom_filter, only: [:show, :update, :destroy]
DEFAULT_FILTER_TYPE = 'conversation'.freeze


@ -1,7 +1,6 @@
class Api::V1::Accounts::NotificationsController < Api::V1::Accounts::BaseController
RESULTS_PER_PAGE = 15
protect_from_forgery with: :null_session
before_action :fetch_notification, only: [:update]
before_action :set_primary_actor, only: [:read_all]
before_action :set_current_page, only: [:index]


@ -1,7 +1,6 @@
class Api::V1::AccountsController < Api::BaseController
include AuthHelper
skip_before_action :verify_authenticity_token, only: [:create]
skip_before_action :authenticate_user!, :set_current_user, :handle_with_exception,
only: [:create], raise: false
before_action :check_signup_enabled, only: [:create]


@ -3,13 +3,12 @@ class ApplicationController < ActionController::Base
include Pundit
include SwitchLocale
protect_from_forgery with: :null_session
skip_before_action :verify_authenticity_token
before_action :set_current_user, unless: :devise_controller?
around_action :switch_locale
around_action :handle_with_exception, unless: :devise_controller?
# after_action :verify_authorized
rescue_from ActiveRecord::RecordInvalid, with: :render_record_invalid
private
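Review bot: Replacing `protect_from_forgery with: :null_session` with `skip_before_action :verify_authenticity_token` in ApplicationController changes more than the log output (assuming, from the commit title, that the `skip_before_action` line is the new side). Under `:null_session` a request without a valid token ran with an empty session, so cookie-backed authentication was neutralised; with the check skipped, the session stays intact for every subclass. That is safe only while every state-changing action authenticates from request headers rather than a cookie, which the hunk does not show (the `devise_controller?` conditions suggest Devise controllers share this base). I would record the assumption next to the line, e.g. `# CSRF check skipped: authentication is header-token only; do not add cookie/session auth under this base class`, and back it with a request spec that sends a cookie-only POST and expects a 401. The class body continues outside the hunk.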


@ -1,6 +1,4 @@
class PlatformController < ActionController::Base
protect_from_forgery with: :null_session
class PlatformController < ActionController::API
before_action :ensure_access_token
before_action :set_platform_app
before_action :set_resource, only: [:update, :show, :destroy]
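Review bot: After the switch to `ActionController::API`, `before_action :ensure_access_token` is the only request gate left on PlatformController, because that base class does not include RequestForgeryProtection. `ensure_access_token` is defined outside this hunk, so it is worth confirming that it reads the token from a request header and rejects requests that carry none. A class comment would make the contract explicit: `# API-only controller: authenticated by access token, no CSRF protection by design`.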


@ -1,3 +1,5 @@
# TODO: we should switch to ActionController::API for the base classes
# One of the specs is failing when I tried doing that, lets revisit in future
class PublicController < ActionController::Base
skip_before_action :verify_authenticity_token
end


@ -72,6 +72,8 @@ development:
quiet: false
headers:
'Access-Control-Allow-Origin': '*'
'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE, PATCH, OPTIONS'
'Access-Control-Allow-Headers': 'X-Requested-With, content-type, Authorization'
watch_options:
ignored: '**/node_modules/**'
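Review bot: The two added CORS headers look broader than an asset server needs: with `'Access-Control-Allow-Origin': '*'` already present, any origin is now told it may use `PUT`, `DELETE`, `PATCH` and an `Authorization` header. If the headers exist only so the Codespaces-forwarded front end can fetch bundles (my reading of the other hunks, not stated here), `'Access-Control-Allow-Methods': 'GET, OPTIONS'` should be enough. A short comment such as `# development dev-server only; never copy these headers to production` would also help. The `development:` block continues outside the hunk.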