Disable CSRF token verification for API methods

2011-09-30 09:57:59 +01:00 · 2011-09-30 09:57:59 +01:00 · 071c3581e9
commit 071c3581e9
parent 93fded9641
14 changed files with 14 additions and 0 deletions
--- a/app/controllers/amf_controller.rb
+++ b/app/controllers/amf_controller.rb
@ -41,6 +41,7 @@ class AmfController < ApplicationController
  # Help methods for checking boundary sanity and area size
  include MapBoundary

+  skip_before_filter :verify_authenticity_token
  before_filter :check_api_writable

  # Main AMF handlers: process the raw AMF string (using AMF library) and
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@ -1,5 +1,6 @@
 class ApiController < ApplicationController

+  skip_before_filter :verify_authenticity_token
  before_filter :check_api_readable, :except => [:capabilities]
  after_filter :compress_output
  around_filter :api_call_handle_error, :api_call_timeout
--- a/app/controllers/changeset_controller.rb
+++ b/app/controllers/changeset_controller.rb
@ -4,6 +4,7 @@ class ChangesetController < ApplicationController
  layout 'site'
  require 'xml/libxml'

+  skip_before_filter :verify_authenticity_token, :except => [:list]
  before_filter :authorize_web, :only => [:list]
  before_filter :set_locale, :only => [:list]
  before_filter :authorize, :only => [:create, :update, :delete, :upload, :include, :close]
--- a/app/controllers/node_controller.rb
+++ b/app/controllers/node_controller.rb
@ -3,6 +3,7 @@
 class NodeController < ApplicationController
  require 'xml/libxml'

+  skip_before_filter :verify_authenticity_token
  before_filter :authorize, :only => [:create, :update, :delete]
  before_filter :require_allow_write_api, :only => [:create, :update, :delete]
  before_filter :require_public_data, :only => [:create, :update, :delete]
--- a/app/controllers/old_node_controller.rb
+++ b/app/controllers/old_node_controller.rb
@ -1,6 +1,7 @@
 class OldNodeController < ApplicationController
  require 'xml/libxml'

+  skip_before_filter :verify_authenticity_token
  before_filter :check_api_readable
  after_filter :compress_output
  around_filter :api_call_handle_error, :api_call_timeout
--- a/app/controllers/old_relation_controller.rb
+++ b/app/controllers/old_relation_controller.rb
@ -1,6 +1,7 @@
 class OldRelationController < ApplicationController
  require 'xml/libxml'

+  skip_before_filter :verify_authenticity_token
  before_filter :check_api_readable
  after_filter :compress_output
  around_filter :api_call_handle_error, :api_call_timeout
--- a/app/controllers/old_way_controller.rb
+++ b/app/controllers/old_way_controller.rb
@ -1,6 +1,7 @@
 class OldWayController < ApplicationController
  require 'xml/libxml'

+  skip_before_filter :verify_authenticity_token
  before_filter :check_api_readable
  after_filter :compress_output
  around_filter :api_call_handle_error, :api_call_timeout
--- a/app/controllers/relation_controller.rb
+++ b/app/controllers/relation_controller.rb
@ -1,6 +1,7 @@
 class RelationController < ApplicationController
  require 'xml/libxml'

+  skip_before_filter :verify_authenticity_token
  before_filter :authorize, :only => [:create, :update, :delete]
  before_filter :require_allow_write_api, :only => [:create, :update, :delete]
  before_filter :require_public_data, :only => [:create, :update, :delete]
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@ -2,6 +2,7 @@ class SearchController < ApplicationController
  # Support searching for nodes, ways, or all
  # Can search by tag k, v, or both (type->k,value->v)
  # Can search by name (k=name,v=....)
+  skip_before_filter :verify_authenticity_token
  after_filter :compress_output

  def search_all
--- a/app/controllers/swf_controller.rb
+++ b/app/controllers/swf_controller.rb
@ -1,4 +1,5 @@
 class SwfController < ApplicationController
+	skip_before_filter :verify_authenticity_token
 	before_filter :check_api_readable

 # to log:
--- a/app/controllers/trace_controller.rb
+++ b/app/controllers/trace_controller.rb
@ -1,6 +1,7 @@
 class TraceController < ApplicationController
  layout 'site'

+  skip_before_filter :verify_authenticity_token, :only => [:api_create, :api_read, :api_update, :api_delete, :api_data]
  before_filter :authorize_web
  before_filter :set_locale
  before_filter :require_user, :only => [:mine, :create, :edit, :delete]
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@ -1,6 +1,7 @@
 class UserController < ApplicationController
  layout :choose_layout

+  skip_before_filter :verify_authenticity_token, :only => [:api_details, :api_gpx_files]
  before_filter :disable_terms_redirect, :only => [:terms, :save, :logout, :api_details]
  before_filter :authorize, :only => [:api_details, :api_gpx_files]
  before_filter :authorize_web, :except => [:api_details, :api_gpx_files]
--- a/app/controllers/user_preference_controller.rb
+++ b/app/controllers/user_preference_controller.rb
@ -1,5 +1,6 @@
 # Update and read user preferences, which are arbitrayr key/val pairs
 class UserPreferenceController < ApplicationController
+  skip_before_filter :verify_authenticity_token
  before_filter :authorize
  before_filter :require_allow_read_prefs, :only => [:read_one, :read]
  before_filter :require_allow_write_prefs, :except => [:read_one, :read]
--- a/app/controllers/way_controller.rb
+++ b/app/controllers/way_controller.rb
@ -1,6 +1,7 @@
 class WayController < ApplicationController
  require 'xml/libxml'

+  skip_before_filter :verify_authenticity_token
  before_filter :authorize, :only => [:create, :update, :delete]
  before_filter :require_allow_write_api, :only => [:create, :update, :delete]
  before_filter :require_public_data, :only => [:create, :update, :delete]