1
0
Fork 0
mirror of https://code.sup39.dev/repos/Wqawg synced 2024-12-29 00:24:51 +09:00

Don't check CSRF token in InboxR, POSTs there freely come from other servers

This commit is contained in:
fr33domlover 2019-03-05 09:00:22 +00:00
parent 6e721797e9
commit c26289cf42

View file

@ -151,6 +151,7 @@ instance Yesod App where
handler
(getCurrentRoute >>= \ mr -> case mr of
Nothing -> return False
Just InboxR -> return False
Just (GitUploadRequestR _ _) -> return False
Just r -> isWriteRequest r
)