SubmissionsController: Allow JS to be "rendered"
We skip verifying the authenticity token for the action, to prevent raising a `ActionController::InvalidCrossOriginRequest` exception.
This commit is contained in:
@ -15,8 +15,9 @@ class SubmissionsController < ApplicationController
|
||||
# Overwrite the CSP header and some default actions for the :render_file action
|
||||
content_security_policy false, only: :render_file
|
||||
skip_before_action :deny_access_from_render_host, only: :render_file
|
||||
skip_before_action :verify_authenticity_token, only: :render_file
|
||||
before_action :require_user!, except: :render_file
|
||||
# We want to serve .js files without raising a `ActionController::InvalidCrossOriginRequest` exception
|
||||
skip_before_action :verify_authenticity_token, only: %i[render_file download_file]
|
||||
|
||||
def create
|
||||
@submission = Submission.new(submission_params)
|
||||
|
Reference in New Issue
Block a user