sunoru/mastodon
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Fix some user-independent endpoints potentially reading session cookies (#24650)

Browse source
This commit is contained in:
Claire 2023-04-25 22:14:44 +02:00 committed by GitHub
parent 276c39361b
commit 1419f90ef2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 32 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
app/controllers/well_known/nodeinfo_controller.rb
View file

@ -4,6 +4,10 @@ module WellKnown
class NodeInfoController < ActionController::Base # rubocop:disable Rails/ApplicationController
include CacheConcern
# Prevent `active_model_serializer`'s `ActionController::Serialization` from calling `current_user`
# and thus re-issuing session cookies
serialization_scope nil
def index
expires_in 3.days, public: true
render_with_cache json: {}, serializer: NodeInfo::DiscoverySerializer, adapter: NodeInfo::Adapter, expires_in: 3.days, root: 'nodeinfo'