From 18e418cc4c01ba1ea17daa1bf114e1fd05328df1 Mon Sep 17 00:00:00 2001 From: Andy Allan Date: Wed, 9 Jan 2019 10:26:12 +0100 Subject: [PATCH 1/1] Skip authorization checks for amf controller --- app/controllers/amf_controller.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/app/controllers/amf_controller.rb b/app/controllers/amf_controller.rb index 4f6adae5d..fdad432a8 100644 --- a/app/controllers/amf_controller.rb +++ b/app/controllers/amf_controller.rb @@ -41,6 +41,11 @@ class AmfController < ApplicationController skip_before_action :verify_authenticity_token before_action :check_api_writable + # AMF Controller implements its own authentication and authorization checks + # completely independently of the rest of the codebase, so best just to let + # it keep doing its own thing. + skip_authorization_check + # Main AMF handlers: process the raw AMF string (using AMF library) and # calls each action (private method) accordingly. -- 2.39.5