sup39/vervis
1
0
Fork 0
mirror of https://code.sup39.dev/repos/Wqawg synced 2024-12-28 23:54:51 +09:00
Code Issues Activity

Don't check CSRF token in InboxR, POSTs there freely come from other servers

Browse source
This commit is contained in:
fr33domlover 2019-03-05 09:00:22 +00:00
parent 6e721797e9
commit c26289cf42
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
src/Vervis/Foundation.hs
View file

@ -151,6 +151,7 @@ instance Yesod App where
handler handler
(getCurrentRoute >>= \ mr -> case mr of (getCurrentRoute >>= \ mr -> case mr of
Nothing -> return False Nothing -> return False
Just InboxR -> return False
Just (GitUploadRequestR _ _) -> return False Just (GitUploadRequestR _ _) -> return False
Just r -> isWriteRequest r Just r -> isWriteRequest r
) )