author | Dennis Schubert <mail@dennis-schubert.de> | 2022-07-21 06:24:13 +0300 |
---|---|---|
committer | Benjamin Neff <benjamin@coding4coffee.ch> | 2022-07-21 06:30:55 +0300 |
commit | 428c97d089a576e9221c6e3b1ebab76adfb3d088 (patch) | |
tree | 2ba3db73f084ceae0678be7cd15042f44a58dcbc | |
parent | 3cf84c838f58316a574b8ab69ba81a2d214c8fb2 (diff) |
Disable the default CSRF protection.
This was added in Rails 5.2 defaults, but we upgraded from 5.1 defaults to 6.1, so we didn't notice until now.
closes #8374
-rw-r--r-- | config/application.rb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/config/application.rb b/config/application.rb index 7594255f8..9b1c1050b 100644 --- a/config/application.rb +++ b/config/application.rb @@ -39,6 +39,11 @@ module Diaspora # Enable escaping HTML in JSON. config.active_support.escape_html_entities_in_json = true + # We specify CSRF protection manually in ApplicationController with + # protect_from_forgery - having it enabled anywhere by default breaks + # federation. + config.action_controller.default_protect_from_forgery = false + # Enable the asset pipeline config.assets.enabled = true |
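Review bot: The added `config.action_controller.default_protect_from_forgery = false` line turns the default off for every controller, so CSRF protection now rests entirely on the `protect_from_forgery` call in ApplicationController that the comment refers to, and that call is not visible in this diff. Any controller that does not inherit from ApplicationController would then handle state-changing requests with no authenticity-token check. Suggest that the comment name the controllers federation needs exempted, and that a spec be added asserting that a POST from a logged-in session without a valid authenticity token is rejected, so a later change to ApplicationController cannot silently drop the protection.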