mirror/php-flarum
1
0
Fork 0
mirror of https://github.com/flarum/core.git synced 2025-07-21 16:51:34 +02:00
Code Issues Releases Wiki Activity

Bypass CSRF token check when using access tokens

Browse Source 
Fixes #1828.
This commit is contained in:
Franz Liedke
2019-08-01 22:53:31 +02:00
parent 51b33c8cab
commit 2fc2cd5863
2 changed files with 31 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
framework/core/src/Http/Middleware/AuthenticateWithHeader.php
View File

@@ -41,7 +41,6 @@ class AuthenticateWithHeader implements Middleware
$request = $request->withAttribute('apiKey', $key);
$request = $request->withAttribute('bypassFloodgate', true);
$request = $request->withAttribute('bypassCsrfToken', true);
} elseif ($token = AccessToken::find($id)) {
$token->touch();
@@ -50,6 +49,7 @@ class AuthenticateWithHeader implements Middleware
if (isset($actor)) {
$request = $request->withAttribute('actor', $actor);
$request = $request->withAttribute('bypassCsrfToken', true);
$request = $request->withoutAttribute('session');
}
}