diff --git a/app/controllers/api/web/push_subscriptions_controller.rb b/app/controllers/api/web/push_subscriptions_controller.rb
index 52e250d02d..68ccbd5e20 100644
--- a/app/controllers/api/web/push_subscriptions_controller.rb
+++ b/app/controllers/api/web/push_subscriptions_controller.rb
@@ -4,6 +4,7 @@ class Api::Web::PushSubscriptionsController < Api::BaseController
   respond_to :json
 
   before_action :require_user!
+  protect_from_forgery with: :exception
 
   def create
     params.require(:subscription).require(:endpoint)
diff --git a/config/initializers/suppress_csrf_warnings.rb b/config/initializers/suppress_csrf_warnings.rb
new file mode 100644
index 0000000000..410ab585b4
--- /dev/null
+++ b/config/initializers/suppress_csrf_warnings.rb
@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+ActionController::Base.log_warning_on_csrf_failure = false
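Review bot: The added `protect_from_forgery with: :exception` raises `ActionController::InvalidAuthenticityToken` on a missing or wrong token, and nothing in this hunk shows that exception being turned into a JSON error for a controller that declares `respond_to :json`. If `Api::BaseController` (not visible here) has no handler for it, add `rescue_from ActionController::InvalidAuthenticityToken do render json: { error: 'Invalid CSRF token' }, status: 422 end` and a request spec that posts without a token. The line also deserves a comment saying why this controller differs from its parent, for example `# Reached with the web UI's session cookie, so CSRF tokens are enforced here`, if that is indeed the reason. The class body continues outside the hunk.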
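Review bot: Setting `log_warning_on_csrf_failure = false` on `ActionController::Base` silences the CSRF failure warning for every controller in the application, not only the API ones, so rejected token checks leave no log line for detection or debugging. If the motive is log noise from token-authenticated API requests (inferred, the commit does not say), scope the setting to the controllers that produce it, or keep the warning on in production. If it stays global, the conventional place is `config.action_controller.log_warning_on_csrf_failure = false` in the environment config. Either way, add a comment above the assignment stating why the warning is suppressed and which signal replaces it.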