Fix some user-independent endpoints potentially reading session cookies (#24650)

Claire 2023-04-25 22:14:44 +02:00 committed by GitHub
parent 276c39361b
commit 1419f90ef2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 32 additions and 0 deletions


@ -4,9 +4,15 @@ class Api::V1::Instances::PeersController < Api::BaseController
before_action :require_enabled_api!
skip_before_action :require_authenticated_user!, unless: :whitelist_mode?
skip_around_action :set_locale
vary_by ''
# Override `current_user` to avoid reading session cookies unless in whitelist mode
def current_user
super if whitelist_mode?
end
def index
cache_even_if_authenticated!
render_with_cache(expires_in: 1.day) { Instance.where.not(domain: DomainBlock.select(:domain)).pluck(:domain) }
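Review bot: The `current_user` override is defined ahead of `index` with no visibility marker in the visible lines, so it appears to become a public instance method of this controller however the parent class declares it. Rails treats public controller methods as action methods, so a session-related helper like this is safer under `private` or `protected`, for example by moving the three-line `def current_user` below the actions. The parent's declaration and the rest of the class body are outside this hunk, so check the visibility there before moving it. A request spec that sends a session cookie to `index` and asserts the response carries no `Set-Cookie` header would pin the intended behaviour, if the commit's other files do not already add one.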