bastodon/app/controllers/api/v1/admin
Claire 62c6e12fa5
Fix admin API unconditionally requiring CSRF token (#17975)
Fixes #17898

Since #17204, the admin API has only been available through the web
application because of the unconditional requirement to provide a valid CSRF
token.

This commit changes it back to `null_session`, which should make it work
both with session-based authentication (provided a CSRF token) and with a
bearer token.
2022-04-06 20:57:18 +02:00
..
trends Fix admin API unconditionally requiring CSRF token (#17975) 2022-04-06 20:57:18 +02:00
account_actions_controller.rb Fix admin API unconditionally requiring CSRF token (#17975) 2022-04-06 20:57:18 +02:00
accounts_controller.rb Fix admin API unconditionally requiring CSRF token (#17975) 2022-04-06 20:57:18 +02:00
dimensions_controller.rb Fix admin API unconditionally requiring CSRF token (#17975) 2022-04-06 20:57:18 +02:00
measures_controller.rb Fix admin API unconditionally requiring CSRF token (#17975) 2022-04-06 20:57:18 +02:00
reports_controller.rb Fix admin API unconditionally requiring CSRF token (#17975) 2022-04-06 20:57:18 +02:00
retention_controller.rb Fix admin API unconditionally requiring CSRF token (#17975) 2022-04-06 20:57:18 +02:00