IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

FIX: Skip CSRF check for POST /categories/search (#29392)

Browse Source 
This endpoint used to be a GET request, but was changed to POST to allow
larger payloads.

Follow up to commit ebc1763aa5.
This commit is contained in:
Bianca Nenciu
2024-10-24 17:06:21 +03:00
committed by GitHub
parent 0983e73c2c
commit 2f1d1cd062
2 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
app/controllers/categories_controller.rb
View File

@@ -18,6 +18,7 @@ class CategoriesController < ApplicationController
before_action :fetch_category, only: %i[show update destroy visible_groups]
before_action :initialize_staff_action_logger, only: %i[create update destroy]
skip_before_action :check_xhr, only: %i[index categories_and_latest categories_and_top redirect]
skip_before_action :verify_authenticity_token, only: %i[search]
SYMMETRICAL_CATEGORIES_TO_TOPICS_FACTOR = 1.5
MIN_CATEGORIES_TOPICS = 5