Revision 73f99b5c
Added by Dominic Cleal about 10 years ago
| app/controllers/api/base_controller.rb | ||
|---|---|---|
|
include Foreman::Controller::Session
|
||
|
include Foreman::ThreadSession::Cleaner
|
||
|
|
||
|
protect_from_forgery
|
||
|
skip_before_filter :verify_authenticity_token, :unless => :protect_api_from_forgery?
|
||
|
|
||
|
before_filter :set_default_response_format, :authorize, :add_version_header, :set_gettext_locale
|
||
|
before_filter :session_expiry, :update_activity_time
|
||
|
|
||
| ... | ... | |
|
raise ::Foreman::Exception.new(N_("unknown permission for %s"), "#{params[:controller]}##{params[:action]}")
|
||
|
end
|
||
|
end
|
||
|
|
||
|
def protect_api_from_forgery?
|
||
|
session[:user].present?
|
||
|
end
|
||
|
end
|
||
|
end
|
||
Also available in: Unified diff
fixes #4895 - Adds CSRF protection check to the API if a session user is present