consul/nairobi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
d90efa15e4e671b4316a7436bb4f56d9cd78cd64
nairobi/app/controllers
History
Javi Martín d90efa15e4 Fix InvalidCrossOriginRequest response 
When requesting files like `/hackattempt.js`, the pages controller was
responding with 404 status code.

However, since the request was considered a JavaScript request (because
of the `.js` extension), the response was also considered to be a
JavaScript one, and since the request wasn't an AJAX request, our
protection from forgery was preventing a potential security issue by
raising an InvalidCrossOriginRequest exception.

By setting HTML as content type, we correctly respond with a 404 status
code.

More info:

https://die-antwort.eu/techblog/2018-08-avoid-invalid-cross-origin-request-with-catch-all-route/
2019-04-25 20:48:38 +02:00
..
admin
Fix queries and scopes after column deletion
2019-04-17 17:40:55 +02:00
budgets
Fix queries and scopes after column deletion
2019-04-17 17:40:55 +02:00
concerns
Add missing double quotes
2019-03-25 13:22:35 +01:00
legislation
Use Legislation::BaseController on instead of ApplicationController
2019-04-17 17:40:56 +02:00
management
fixes specs related to ActionController params
2019-04-17 17:40:55 +02:00
moderation
Use double quotes in controllers/
2019-03-13 22:19:49 +01:00
officing
Adds Ballot Sheet model and business logic
2019-04-10 16:04:39 +02:00
organizations
Fix all rubocop Metrics/LineLength issues (140+)
2017-07-10 13:22:49 +02:00
polls
Use double quotes in controllers/
2019-03-13 22:19:49 +01:00
users
Fix deprecation warning calling `env' in controllers
2019-04-17 17:40:55 +02:00
valuation
Remove parameterise deprecation warning
2019-04-17 17:40:55 +02:00
verification
Use double quotes in controllers/
2019-03-13 22:19:49 +01:00
account_controller.rb
Enable 'Recommended proposals' setting for users
2018-07-15 21:28:57 -04:00
application_controller.rb
protect_from_forgery is not prepended by default
2019-04-25 14:22:19 +02:00
budgets_controller.rb
Use double quotes in controllers/
2019-03-13 22:19:49 +01:00
comments_controller.rb
Use double quotes in controllers/
2019-03-13 22:19:49 +01:00
communities_controller.rb
Use double quotes in controllers/
2019-03-13 22:19:49 +01:00
debates_controller.rb
Use double quotes in controllers/
2019-03-13 22:19:49 +01:00
direct_messages_controller.rb
direct_uploads_controller.rb
Rubocop autocorrections
2017-10-17 22:00:00 +02:00
documents_controller.rb
Fix destroy document specs
2019-01-24 21:39:43 +01:00
follows_controller.rb
Fix parameterise deprecation warning
2019-04-17 17:40:55 +02:00
graphql_controller.rb
Use double quotes in controllers/
2019-03-13 22:19:49 +01:00
images_controller.rb
Remove images single uploads
2017-09-27 10:41:48 +02:00
installation_controller.rb
Use double quotes in controllers/
2019-03-13 22:19:49 +01:00
notifications_controller.rb
Improves some code format details
2018-10-31 14:22:10 +01:00
pages_controller.rb
Fix InvalidCrossOriginRequest response
2019-04-25 20:48:38 +02:00
polls_controller.rb
Fix queries and scopes after column deletion
2019-04-17 17:40:55 +02:00
proposal_notifications_controller.rb
Extend notifications to be marked as read and unread
2018-03-23 11:47:06 +01:00
proposals_controller.rb
Use double quotes in controllers/
2019-03-13 22:19:49 +01:00
related_contents_controller.rb
Use double quotes in controllers/
2019-03-13 22:19:49 +01:00
sandbox_controller.rb
Use double quotes in controllers/
2019-03-13 22:19:49 +01:00
spending_proposals_controller.rb
Use double quotes in controllers/
2019-03-13 22:19:49 +01:00
stats_controller.rb
Use double quotes inside string interpolation
2019-03-25 14:58:54 +01:00
tags_controller.rb
The tags are suggested based on the entries the user makes.
2017-09-21 18:21:45 +02:00
topics_controller.rb
Use double quotes in controllers/
2019-03-13 22:19:49 +01:00
users_controller.rb
Add new settings tab for participation processes
2019-03-19 19:45:32 +01:00
verification_controller.rb
Use double quotes in controllers/
2019-03-13 22:19:49 +01:00
welcome_controller.rb
Require logged in user if navigate to /welcome
2019-03-19 14:55:51 +01:00