]> git.openstreetmap.org Git - rails.git/commitdiff
projects / rails.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 93fded9)
Disable CSRF token verification for API methods
authorTom Hughes <tom@compton.nu>
Fri, 30 Sep 2011 08:57:59 +0000 (09:57 +0100)
committerTom Hughes <tom@compton.nu>
Mon, 14 Nov 2011 09:42:55 +0000 (09:42 +0000)
14 files changed:
app/controllers/amf_controller.rb patch | blob | history
app/controllers/api_controller.rb patch | blob | history
app/controllers/changeset_controller.rb patch | blob | history
app/controllers/node_controller.rb patch | blob | history
app/controllers/old_node_controller.rb patch | blob | history
app/controllers/old_relation_controller.rb patch | blob | history
app/controllers/old_way_controller.rb patch | blob | history
app/controllers/relation_controller.rb patch | blob | history
app/controllers/search_controller.rb patch | blob | history
app/controllers/swf_controller.rb patch | blob | history
app/controllers/trace_controller.rb patch | blob | history
app/controllers/user_controller.rb patch | blob | history
app/controllers/user_preference_controller.rb patch | blob | history
app/controllers/way_controller.rb patch | blob | history

diff --git a/app/controllers/amf_controller.rb b/app/controllers/amf_controller.rb
index 329fab5734f1f58e2c98bb01a69a9b5f52dbf637..b472ae05c67ac58583c2c7dfac482b1c6816e3c0 100644 (file)
--- a/app/controllers/amf_controller.rb
+++ b/app/controllers/amf_controller.rb
@@ -41,6 +41,7 @@ class AmfController < ApplicationController
   # Help methods for checking boundary sanity and area size
   include MapBoundary
 
+  skip_before_filter :verify_authenticity_token
   before_filter :check_api_writable
 
   # Main AMF handlers: process the raw AMF string (using AMF library) and
diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index 35fc86c520576dd9b502a03463f7c136a842df48..b9bb5fe59f2ff8eca5e84e8178c6df8fdb997bcc 100644 (file)
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -1,5 +1,6 @@
 class ApiController < ApplicationController
 
+  skip_before_filter :verify_authenticity_token
   before_filter :check_api_readable, :except => [:capabilities]
   after_filter :compress_output
   around_filter :api_call_handle_error, :api_call_timeout
diff --git a/app/controllers/changeset_controller.rb b/app/controllers/changeset_controller.rb
index ca501fd43183cc3d45d09d53b01eb4434064fb70..c45b211d43aa5f4ed4a04f846bec85451f7b2965 100644 (file)
--- a/app/controllers/changeset_controller.rb
+++ b/app/controllers/changeset_controller.rb
@@ -4,6 +4,7 @@ class ChangesetController < ApplicationController
   layout 'site'
   require 'xml/libxml'
 
+  skip_before_filter :verify_authenticity_token, :except => [:list]
   before_filter :authorize_web, :only => [:list]
   before_filter :set_locale, :only => [:list]
   before_filter :authorize, :only => [:create, :update, :delete, :upload, :include, :close]
diff --git a/app/controllers/node_controller.rb b/app/controllers/node_controller.rb
index 19eb771638a53963b73531903326fd8c45faf936..5064a3c0b64a41e3069144e47678df91f69deda3 100644 (file)
--- a/app/controllers/node_controller.rb
+++ b/app/controllers/node_controller.rb
@@ -3,6 +3,7 @@
 class NodeController < ApplicationController
   require 'xml/libxml'
 
+  skip_before_filter :verify_authenticity_token
   before_filter :authorize, :only => [:create, :update, :delete]
   before_filter :require_allow_write_api, :only => [:create, :update, :delete]
   before_filter :require_public_data, :only => [:create, :update, :delete]
diff --git a/app/controllers/old_node_controller.rb b/app/controllers/old_node_controller.rb
index 4a1253034ac90f49464b6d99f922e2c6e9cce921..615213ac18996f3a4418cbd71fd49d1c4ea7d9c2 100644 (file)
--- a/app/controllers/old_node_controller.rb
+++ b/app/controllers/old_node_controller.rb
@@ -1,6 +1,7 @@
 class OldNodeController < ApplicationController
   require 'xml/libxml'
 
+  skip_before_filter :verify_authenticity_token
   before_filter :check_api_readable
   after_filter :compress_output
   around_filter :api_call_handle_error, :api_call_timeout
diff --git a/app/controllers/old_relation_controller.rb b/app/controllers/old_relation_controller.rb
index 771b322ee0ab96c0b683fff94c3bd0d92d8496d4..19b4e5d3490db60cd2a825242e1f38930648cd8a 100644 (file)
--- a/app/controllers/old_relation_controller.rb
+++ b/app/controllers/old_relation_controller.rb
@@ -1,6 +1,7 @@
 class OldRelationController < ApplicationController
   require 'xml/libxml'
 
+  skip_before_filter :verify_authenticity_token
   before_filter :check_api_readable
   after_filter :compress_output
   around_filter :api_call_handle_error, :api_call_timeout
diff --git a/app/controllers/old_way_controller.rb b/app/controllers/old_way_controller.rb
index c20212df4e4146e69c00e0433b85bf4cab1d6478..3836d4ab7c5167f8675d7c11db003521bb69c2d8 100644 (file)
--- a/app/controllers/old_way_controller.rb
+++ b/app/controllers/old_way_controller.rb
@@ -1,6 +1,7 @@
 class OldWayController < ApplicationController
   require 'xml/libxml'
 
+  skip_before_filter :verify_authenticity_token
   before_filter :check_api_readable
   after_filter :compress_output
   around_filter :api_call_handle_error, :api_call_timeout
diff --git a/app/controllers/relation_controller.rb b/app/controllers/relation_controller.rb
index 10328aae47c907bb2d490e46901e4a1acd887253..0b989d11e5fc21b8ba5dff32c55f3e6262698c04 100644 (file)
--- a/app/controllers/relation_controller.rb
+++ b/app/controllers/relation_controller.rb
@@ -1,6 +1,7 @@
 class RelationController < ApplicationController
   require 'xml/libxml'
 
+  skip_before_filter :verify_authenticity_token
   before_filter :authorize, :only => [:create, :update, :delete]
   before_filter :require_allow_write_api, :only => [:create, :update, :delete]
   before_filter :require_public_data, :only => [:create, :update, :delete]
diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb
index 210e0811b34a232daebf3d5db44f09276b4488b8..408b4a6629d93f35c932757bbd5edb9df16928b0 100644 (file)
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -2,6 +2,7 @@ class SearchController < ApplicationController
   # Support searching for nodes, ways, or all
   # Can search by tag k, v, or both (type->k,value->v)
   # Can search by name (k=name,v=....)
+  skip_before_filter :verify_authenticity_token
   after_filter :compress_output
 
   def search_all
diff --git a/app/controllers/swf_controller.rb b/app/controllers/swf_controller.rb
index 0e7e15bbf322655897d1be135b42e188a0c8a982..10ec815dba820dc2d9c57098e48af22d6cbc593f 100644 (file)
--- a/app/controllers/swf_controller.rb
+++ b/app/controllers/swf_controller.rb
@@ -1,4 +1,5 @@
 class SwfController < ApplicationController
+       skip_before_filter :verify_authenticity_token
        before_filter :check_api_readable
 
 # to log:
diff --git a/app/controllers/trace_controller.rb b/app/controllers/trace_controller.rb
index 1ca28246f9ce0a723a85dd4be733f8a02f3fdbcd..cdfa5e3cbe76f60b460fb1e8843225b6a00a101d 100644 (file)
--- a/app/controllers/trace_controller.rb
+++ b/app/controllers/trace_controller.rb
@@ -1,6 +1,7 @@
 class TraceController < ApplicationController
   layout 'site'
 
+  skip_before_filter :verify_authenticity_token, :only => [:api_create, :api_read, :api_update, :api_delete, :api_data]
   before_filter :authorize_web
   before_filter :set_locale
   before_filter :require_user, :only => [:mine, :create, :edit, :delete]
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index fa93313b3df5a782b18172359970edeba02ef340..16b76196b712925f5d491e75d127aed93334be16 100644 (file)
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -1,6 +1,7 @@
 class UserController < ApplicationController
   layout :choose_layout
 
+  skip_before_filter :verify_authenticity_token, :only => [:api_details, :api_gpx_files]
   before_filter :disable_terms_redirect, :only => [:terms, :save, :logout, :api_details]
   before_filter :authorize, :only => [:api_details, :api_gpx_files]
   before_filter :authorize_web, :except => [:api_details, :api_gpx_files]
diff --git a/app/controllers/user_preference_controller.rb b/app/controllers/user_preference_controller.rb
index d02313497ef61408eb1667852c95abaa4e386366..377e78313ef3dde90ba92a69d174ce32afa9fc4f 100644 (file)
--- a/app/controllers/user_preference_controller.rb
+++ b/app/controllers/user_preference_controller.rb
@@ -1,5 +1,6 @@
 # Update and read user preferences, which are arbitrayr key/val pairs
 class UserPreferenceController < ApplicationController
+  skip_before_filter :verify_authenticity_token
   before_filter :authorize
   before_filter :require_allow_read_prefs, :only => [:read_one, :read]
   before_filter :require_allow_write_prefs, :except => [:read_one, :read]
diff --git a/app/controllers/way_controller.rb b/app/controllers/way_controller.rb
index e20eb1a7970c2942176d4302ecd987fc0b652ff1..c3ffe3c0f457f488c899c2fbd2f1bf67858e4f22 100644 (file)
--- a/app/controllers/way_controller.rb
+++ b/app/controllers/way_controller.rb
@@ -1,6 +1,7 @@
 class WayController < ApplicationController
   require 'xml/libxml'
 
+  skip_before_filter :verify_authenticity_token
   before_filter :authorize, :only => [:create, :update, :delete]
   before_filter :require_allow_write_api, :only => [:create, :update, :delete]
   before_filter :require_public_data, :only => [:create, :update, :delete]
The OpenStreetMap web site