
Fix some user-independent endpoints potentially reading session cookies (#24650)

Claire 2023-04-25 22:14:44 +02:00 committed by GitHub
parent 276c39361b
commit 1419f90ef2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 32 additions and 0 deletions


@ -2,11 +2,17 @@
class Api::V1::Instances::ExtendedDescriptionsController < Api::BaseController
skip_before_action :require_authenticated_user!, unless: :whitelist_mode?
skip_around_action :set_locale
before_action :set_extended_description
vary_by ''
# Override `current_user` to avoid reading session cookies unless in whitelist mode
def current_user
super if whitelist_mode?
end
def show
cache_even_if_authenticated!
render json: @extended_description, serializer: REST::ExtendedDescriptionSerializer