1
0
Fork 0
forked from fedi/mastodon
mastodon/app/controllers/api
Claire 62c6e12fa5
Fix admin API unconditionally requiring CSRF token (#17975)
Fixes #17898

Since #17204, the admin API has only been available through the web
application because of the unconditional requirement to provide a valid CSRF
token.

This commit changes it back to `null_session`, which should make it work
both with session-based authentication (provided a CSRF token) and with a
bearer token.
2022-04-06 20:57:18 +02:00
..
v1 Fix admin API unconditionally requiring CSRF token (#17975) 2022-04-06 20:57:18 +02:00
v2 Fix /api/v1/admin/accounts (#17887) 2022-03-28 23:57:38 +02:00
web Refactor formatter (#17828) 2022-03-26 02:53:34 +01:00
base_controller.rb Fix locale not being set in REST API (#17847) 2022-03-22 12:29:04 +01:00
oembed_controller.rb Fix OEmbed leaking information about existence of non-public statuses (#12930) 2020-01-24 00:20:51 +01:00