Skip to content

GitLab

  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • rqlcontroller rqlcontroller
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 0
    • Issues 0
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 1
    • Merge requests 1
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages & Registries
    • Packages & Registries
    • Container Registry
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • cubicweb
  • cubes
  • rqlcontrollerrqlcontroller
  • Merge requests
  • !18

feat: disable csrf for RQLIO controllers

  • Review changes

  • Download
  • Email patches
  • Plain diff
Merged Simon Chabot requested to merge topic/default/disable-csrf into branch/default Jul 30, 2021
  • Overview 2
  • Commits 8
  • Pipelines 5
  • Changes 9

As of Cubicweb 3.32, there is a CSRF check on every controllers. However, the RQLIO one is a bit peculiar, as it is intended to be used by authenticated 3rd-parties, meaning that we can disable CSRF check because the RQLIO controllers does not rely on cookie authentication.

Assignee
Assign to
Reviewer
Request review from
Time tracking
Source branch: topic/default/disable-csrf