From f1002b953d239d743041f658f9098175706eb035 Mon Sep 17 00:00:00 2001
From: Matt-Yorkley <9029026+Matt-Yorkley@users.noreply.github.com>
Date: Mon, 14 Sep 2020 14:13:15 +0100
Subject: [PATCH] Disable Javascript CSRF protection on
 EnterprisesController#check_permalink route

This route checks if an enterprise permalink is taken or not. Allowing the route to be accessed via Javascript without strict CSRF protection is reasonable. Fixes the following errors:

ActionController::InvalidCrossOriginRequest: Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.
---
 app/controllers/enterprises_controller.rb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/app/controllers/enterprises_controller.rb b/app/controllers/enterprises_controller.rb
index 7488fa8c4d..3dfd5a2351 100644
--- a/app/controllers/enterprises_controller.rb
+++ b/app/controllers/enterprises_controller.rb
@@ -6,6 +6,8 @@ class EnterprisesController < BaseController
   include OrderCyclesHelper
   include SerializerHelper
 
+  protect_from_forgery except: :check_permalink
+
   # These prepended filters are in the reverse order of execution
   prepend_before_action :set_order_cycles, :require_distributor_chosen, :reset_order, only: :shop