SubmissionsController: Allow JS to be "rendered"

We skip verifying the authenticity token for the action, to prevent raising an `ActionController::InvalidCrossOriginRequest` exception.
Sebastian Serth
2022-10-04 14:47:17 +02:00
parent ca13ea03c8
commit b8b7cd99bd


@ -15,8 +15,9 @@ class SubmissionsController < ApplicationController
# Overwrite the CSP header and some default actions for the :render_file action
content_security_policy false, only: :render_file
skip_before_action :deny_access_from_render_host, only: :render_file
skip_before_action :verify_authenticity_token, only: :render_file
before_action :require_user!, except: :render_file
# We want to serve .js files without raising a `ActionController::InvalidCrossOriginRequest` exception
skip_before_action :verify_authenticity_token, only: %i[render_file download_file]
def create
@submission = Submission.new(submission_params)
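Review bot: The widened skip in `skip_before_action :verify_authenticity_token, only: %i[render_file download_file]` now also covers `download_file`. Unlike `render_file`, that action is still behind `require_user!` and is not exempted from `deny_access_from_render_host`, so it looks like an authenticated action on the main host. In Rails, `ActionController::InvalidCrossOriginRequest` is the guard that stops a JavaScript response from being pulled in by a cross-origin `<script>` tag, and skipping `verify_authenticity_token` turns that guard off together with the CSRF token check. For `download_file`, that means a logged-in user's `.js` submission could be loaded by another origin. Please confirm that `download_file` is reachable only via GET and changes no state, and consider limiting the skip to the JavaScript case (for example with an `if:` condition on the request format) or serving the file as an attachment so it is not executable as a script. The commit message mentions only "the action", and the code comment does not say why `download_file` needs the exemption; a sentence on that would help the next reader.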