raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-02-28 01:53:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Disable Javascript CSRF protection on EnterprisesController#check_permalink route

Browse Source 
This route checks if an enterprise permalink is taken or not. Allowing the route to be accessed via Javascript without strict CSRF protection is reasonable. Fixes the following errors:

ActionController::InvalidCrossOriginRequest: Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.
This commit is contained in:
Matt-Yorkley
2020-09-14 14:13:15 +01:00
parent 3ebc8145df
commit f1002b953d
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/controllers/enterprises_controller.rb
View File

@@ -6,6 +6,8 @@ class EnterprisesController < BaseController
include OrderCyclesHelper
include SerializerHelper
protect_from_forgery except: :check_permalink
# These prepended filters are in the reverse order of execution
prepend_before_action :set_order_cycles, :require_distributor_chosen, :reset_order, only: :shop