Skip to content

feat: disable csrf for RQLIO controllers

Simon Chabot requested to merge topic/default/disable-csrf into branch/default

As of Cubicweb 3.32, there is a CSRF check on every controllers. However, the RQLIO one is a bit peculiar, as it is intended to be used by authenticated 3rd-parties, meaning that we can disable CSRF check because the RQLIO controllers does not rely on cookie authentication.

Merge request reports

Loading