chore: Suppress the unnecessary CSRF warning (#2606)

Suppress the unnecessary CSRF warning
2021-07-14 18:40:24 +05:30
parent dfddf9cacc
commit a5bc81b304
13 changed files with 11 additions and 9 deletions
--- a/app/controllers/api/v1/accounts/contacts_controller.rb
+++ b/app/controllers/api/v1/accounts/contacts_controller.rb
@@ -7,7 +7,6 @@ class Api::V1::Accounts::ContactsController < Api::V1::Accounts::BaseController
  sort_on :last_activity_at, type: :datetime

  RESULTS_PER_PAGE = 15
-  protect_from_forgery with: :null_session

  before_action :check_authorization
  before_action :set_current_page, only: [:index, :active, :search]
--- a/app/controllers/api/v1/accounts/custom_filters_controller.rb
+++ b/app/controllers/api/v1/accounts/custom_filters_controller.rb
@@ -1,5 +1,4 @@
 class Api::V1::Accounts::CustomFiltersController < Api::V1::Accounts::BaseController
-  protect_from_forgery with: :null_session
  before_action :fetch_custom_filters, except: [:create]
  before_action :fetch_custom_filter, only: [:show, :update, :destroy]
  DEFAULT_FILTER_TYPE = 'conversation'.freeze
--- a/app/controllers/api/v1/accounts/notifications_controller.rb
+++ b/app/controllers/api/v1/accounts/notifications_controller.rb
@@ -1,7 +1,6 @@
 class Api::V1::Accounts::NotificationsController < Api::V1::Accounts::BaseController
  RESULTS_PER_PAGE = 15

-  protect_from_forgery with: :null_session
  before_action :fetch_notification, only: [:update]
  before_action :set_primary_actor, only: [:read_all]
  before_action :set_current_page, only: [:index]
--- a/app/controllers/api/v1/accounts_controller.rb
+++ b/app/controllers/api/v1/accounts_controller.rb
@@ -1,7 +1,6 @@
 class Api::V1::AccountsController < Api::BaseController
  include AuthHelper

-  skip_before_action :verify_authenticity_token, only: [:create]
  skip_before_action :authenticate_user!, :set_current_user, :handle_with_exception,
                     only: [:create], raise: false
  before_action :check_signup_enabled, only: [:create]
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -3,13 +3,12 @@ class ApplicationController < ActionController::Base
  include Pundit
  include SwitchLocale

-  protect_from_forgery with: :null_session
+  skip_before_action :verify_authenticity_token

  before_action :set_current_user, unless: :devise_controller?
  around_action :switch_locale
  around_action :handle_with_exception, unless: :devise_controller?

-  # after_action :verify_authorized
  rescue_from ActiveRecord::RecordInvalid, with: :render_record_invalid

  private
--- a/app/controllers/platform_controller.rb
+++ b/app/controllers/platform_controller.rb
@@ -1,6 +1,4 @@
-class PlatformController < ActionController::Base
-  protect_from_forgery with: :null_session
-
+class PlatformController < ActionController::API
  before_action :ensure_access_token
  before_action :set_platform_app
  before_action :set_resource, only: [:update, :show, :destroy]
--- a/app/controllers/public_controller.rb
+++ b/app/controllers/public_controller.rb
@@ -1,3 +1,5 @@
+# TODO: we should switch to ActionController::API for the base classes
+# One of the specs is failing when I tried doing that, lets revisit in future
 class PublicController < ActionController::Base
  skip_before_action :verify_authenticity_token
 end