author | Benjamin Neff <benjamin@coding4coffee.ch> | 2022-07-24 02:30:41 +0300 |
---|---|---|
committer | Benjamin Neff <benjamin@coding4coffee.ch> | 2022-07-24 02:30:43 +0300 |
commit | 429a47d64d7753f14be454a519d198ca53ee7c7a (patch) | |
tree | 7bc37c85dfaaf22042a8754b9dddac43b2a1ee07 | |
parent | a88a25a5ebddad150f7a0016908697e702fde63d (diff) | |
parent | 9b6a2268e96f5a736130f6eabf3aa2c6428f3142 (diff) |
Merge pull request #8381 from SuperTux88/fix-forgery-protection-for-federation
Bump diaspora_federation and enable forgery protection by default again
-rw-r--r-- | Gemfile | 6 | ||||
-rw-r--r-- | Gemfile.lock | 18 | ||||
-rw-r--r-- | app/controllers/application_controller.rb | 1 | ||||
-rw-r--r-- | config/application.rb | 5 |
4 files changed, 12 insertions, 18 deletions
@@ -15,8 +15,8 @@ gem "unicorn-worker-killer", "0.4.5"
 # Federation
-gem "diaspora_federation-json_schema", "1.0.0"
-gem "diaspora_federation-rails", "1.0.0"
+gem "diaspora_federation-json_schema", "1.0.1"
+gem "diaspora_federation-rails", "1.0.1"
 # API and JSON
@@ -245,7 +245,7 @@ group :test do
 gem "timecop", "0.9.5"
 gem "webmock", "3.14.0", require: false
- gem "diaspora_federation-test", "1.0.0"
+ gem "diaspora_federation-test", "1.0.1"
 end
 group :development, :test do
diff --git a/Gemfile.lock b/Gemfile.lock
index c02c73753..554a667cb 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -209,18 +209,18 @@ GEM
 devise_lastseenable (0.0.6)
 devise
 rails (>= 3.0.4)
- diaspora_federation (1.0.0)
+ diaspora_federation (1.0.1)
 faraday (>= 1.0, < 3)
 faraday-follow_redirects (~> 0.3)
 nokogiri (~> 1.6, >= 1.6.8)
 typhoeus (~> 1.0)
 valid (~> 1.0)
- diaspora_federation-json_schema (1.0.0)
- diaspora_federation-rails (1.0.0)
+ diaspora_federation-json_schema (1.0.1)
+ diaspora_federation-rails (1.0.1)
 actionpack (>= 5.2, < 8)
- diaspora_federation (= 1.0.0)
- diaspora_federation-test (1.0.0)
- diaspora_federation (= 1.0.0)
+ diaspora_federation (= 1.0.1)
+ diaspora_federation-test (1.0.1)
+ diaspora_federation (= 1.0.1)
 fabrication (~> 2.29)
 uuid (~> 2.3, >= 2.3.8)
 diff-lcs (1.5.0)
@@ -800,9 +800,9 @@ DEPENDENCIES
 devise (= 4.8.1)
 devise-two-factor (= 4.0.2)
 devise_lastseenable (= 0.0.6)
- diaspora_federation-json_schema (= 1.0.0)
- diaspora_federation-rails (= 1.0.0)
- diaspora_federation-test (= 1.0.0)
+ diaspora_federation-json_schema (= 1.0.1)
+ diaspora_federation-rails (= 1.0.1)
+ diaspora_federation-test (= 1.0.1)
 eye (= 0.10.0)
 factory_bot_rails (= 6.2.0)
 faraday (= 1.10.0)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index c1a16ff94..ec46be826 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -7,7 +7,6 @@ class ApplicationController < ActionController::Base
 before_action :force_tablet_html
 has_mobile_fu
- protect_from_forgery except: :receive, with: :exception, prepend: true
 rescue_from ActionController::InvalidAuthenticityToken do
 if user_signed_in?
diff --git a/config/application.rb b/config/application.rb
index 9b1c1050b..7594255f8 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -39,11 +39,6 @@ module Diaspora
 # Enable escaping HTML in JSON.
 config.active_support.escape_html_entities_in_json = true
- # We specify CSRF protection manually in ApplicationController with
- # protect_from_forgery - having it enabled anywhere by default breaks
- # federation.
- config.action_controller.default_protect_from_forgery = false
-
 # Enable the asset pipeline
 config.assets.enabled = true |
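Review bot: In app/controllers/application_controller.rb the `rescue_from ActionController::InvalidAuthenticityToken` handler now depends on a forgery-protection declaration that no longer appears in this class. A reader of the controller cannot tell that CSRF checks are still active, or that a failed check still raises rather than resetting the session. The removed line also passed `prepend: true`; the framework default is presumably installed on ActionController::Base before this class registers its own callbacks, so the check should still run first, but a request spec that posts without a token and expects this handler to fire would confirm it. I would add a comment above the handler, `# CSRF protection is enabled globally via config.action_controller.default_protect_from_forgery (raises on failure)`. The class body continues outside the hunk.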
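Review bot: Deleting `config.action_controller.default_protect_from_forgery = false` in config/application.rb turns protection on only if the framework defaults loaded by this app enable that setting, and the `config.load_defaults` call (if any) is outside the hunk. Because the same commit removes the explicit `protect_from_forgery` from ApplicationController, an older defaults version would leave every controller without CSRF checks and nothing would fail loudly. Stating the setting explicitly keeps it visible and independent of the defaults version: `config.action_controller.default_protect_from_forgery = true`. A one-line comment could note that the federation receive endpoints are expected to opt out inside the bumped diaspora_federation-rails gem, which is inferred from the commit title rather than shown here.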