Unfloyded/Legamunt
0
0
Fork 0
Code Activity

Fix some user-independent endpoints potentially reading session cookies (#24650)

Browse source
This commit is contained in:
Claire 2023-04-25 22:14:44 +02:00 committed by GitHub
parent 276c39361b
commit 1419f90ef2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 32 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
app/controllers/manifests_controller.rb
View file

@ -1,6 +1,10 @@
# frozen_string_literal: true
class ManifestsController < ActionController::Base # rubocop:disable Rails/ApplicationController
# Prevent `active_model_serializer`'s `ActionController::Serialization` from calling `current_user`
# and thus re-issuing session cookies
serialization_scope nil
def show
expires_in 3.minutes, public: true
render json: InstancePresenter.new, serializer: ManifestSerializer, root: 'instance'