mirror of https://github.com/mastodon/mastodon synced 2024-12-15 07:08:29 +09:00
mastodon/app/controllers/api/v1
Claire 62c6e12fa5
Fix admin API unconditionally requiring CSRF token (#17975)
Fixes #17898

Since #17204, the admin API has only been available through the web
application because of the unconditional requirement to provide a valid CSRF
token.

This commit changes it back to `null_session`, which should make it work
both with session-based authentication (provided a CSRF token) and with a
bearer token.
2022-04-06 20:57:18 +02:00
accounts Fix performance of account timelines (#17709) 2022-03-08 09:14:39 +01:00
admin Fix admin API unconditionally requiring CSRF token (#17975) 2022-04-06 20:57:18 +02:00
announcements Add announcements (#12662) 2020-01-23 22:00:13 +01:00
apps Remove useless respond_to calls (#13208) 2020-03-06 01:29:38 +01:00
crypto Optimize map { ... }.compact calls (#15513) 2021-01-10 00:32:01 +01:00
emails Fix POST /api/v1/emails/confirmations not being available after sign-up (#17743) 2022-03-12 04:14:25 +01:00
featured_tags Changed tag most_used to recently_used (#14760) 2020-09-07 17:47:41 +02:00
instances Add graphs and retention metrics to admin dashboard (#16829) 2021-10-14 20:44:59 +02:00
lists Change REST API to return empty data for suspended accounts (#14765) 2020-09-11 15:16:29 +02:00
polls Add more tests for ActivityPub controllers (#13585) 2020-05-03 16:30:36 +02:00
push Add policy param to POST /api/v1/push/subscriptions (#16040) 2021-04-15 05:00:25 +02:00
statuses Add edit history to web UI (#17390) 2022-02-09 01:17:07 +01:00
timelines Refactor how public and tag timelines are queried (#14728) 2020-09-07 11:02:04 +02:00
trends Fix GET /api/v1/trends/tags missing offset param in REST API (#17973) 2022-04-06 20:56:57 +02:00
accounts_controller.rb Change follow scope to be covered by read and write scopes in REST API (#17678) 2022-03-03 16:13:40 +01:00
announcements_controller.rb Fix dismissing an announcement twice raising an obscure error (#13124) 2020-02-24 22:21:40 +01:00
apps_controller.rb Add whitelist mode (#11291) 2019-07-30 11:10:46 +02:00
blocks_controller.rb Change follow scope to be covered by read and write scopes in REST API (#17678) 2022-03-03 16:13:40 +01:00
bookmarks_controller.rb Make Array-creation behavior of Paginable more predictable (#14687) 2020-08-31 12:47:09 +02:00
conversations_controller.rb Make Array-creation behavior of Paginable more predictable (#14687) 2020-08-31 12:47:09 +02:00
custom_emojis_controller.rb Remove useless respond_to calls (#13208) 2020-03-06 01:29:38 +01:00
directories_controller.rb Add profile directory to web UI (#11688) 2019-08-30 00:14:36 +02:00
domain_blocks_controller.rb Change follow scope to be covered by read and write scopes in REST API (#17678) 2022-03-03 16:13:40 +01:00
endorsements_controller.rb Change REST API to return empty data for suspended accounts (#14765) 2020-09-11 15:16:29 +02:00
favourites_controller.rb Make Array-creation behavior of Paginable more predictable (#14687) 2020-08-31 12:47:09 +02:00
featured_tags_controller.rb Add featured tags API (#11778) 2019-09-09 10:50:33 +02:00
filters_controller.rb Remove useless respond_to calls (#13208) 2020-03-06 01:29:38 +01:00
follow_requests_controller.rb Fix duplicate notifications being possible after poll expiration (#17697) 2022-03-04 01:06:33 +01:00
instances_controller.rb Remove useless respond_to calls (#13208) 2020-03-06 01:29:38 +01:00
lists_controller.rb Add configuration option to filter replies in lists (#9205) 2020-09-01 13:31:28 +02:00
markers_controller.rb Use Rails' index_by where it makes sense (#15542) 2021-01-12 09:27:38 +01:00
media_controller.rb Allow editing media attachments for scheduled toots (#17690) 2022-03-03 16:13:58 +01:00
mutes_controller.rb Change follow scope to be covered by read and write scopes in REST API (#17678) 2022-03-03 16:13:40 +01:00
notifications_controller.rb Add types param to GET /api/v1/notifications in REST API (#17767) 2022-03-15 04:11:29 +01:00
polls_controller.rb Add more tests for ActivityPub controllers (#13585) 2020-05-03 16:30:36 +02:00
preferences_controller.rb Remove useless respond_to calls (#13208) 2020-03-06 01:29:38 +01:00
reports_controller.rb Fix report category not being saved in REST API (#17682) 2022-03-02 18:57:08 +01:00
scheduled_statuses_controller.rb Make Array-creation behavior of Paginable more predictable (#14687) 2020-08-31 12:47:09 +02:00
statuses_controller.rb Add rate limit for editing (#17728) 2022-03-09 20:06:51 +01:00
streaming_controller.rb Remove useless respond_to calls (#13208) 2020-03-06 01:29:38 +01:00
suggestions_controller.rb Change auto-following admin-selected accounts, show in recommendations (#16078) 2021-04-24 17:01:43 +02:00