Commit bac7c0ab authored by Simon Chabot's avatar Simon Chabot
Browse files

feat: disable csrf for RQLIO controllers

As of Cubicweb 3.32, there is a CSRF check on every controllers. However, the
RQLIO one is a bit peculiar, as it is intended to be used by authenticated
3rd-parties, meaning that we can disable CSRF check because the RQLIO
controllers does not rely on cookie authentication.
parent 8ad7b45dfdfd
......@@ -114,6 +114,7 @@ class RqlIOController(Controller):
match_request_content_type(
'application/json', 'multipart/form-data', mode='any') &
match_form_params('version'))
require_csrf = False
def json(self):
contenttype = self._cw.get_header('Content-Type', raw=False)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment