Disable CSRF for the whole API

This commit is contained in:
Baptiste Gelez 2018-10-22 14:36:44 +01:00
parent 2394ff424b
commit 663ec52fea

View File

@ -180,7 +180,7 @@ fn main() {
("/@/<name>/inbox".to_owned(), "/@/<name>/inbox".to_owned(), rocket::http::Method::Post),
("/login".to_owned(), "/login".to_owned(), rocket::http::Method::Post),
("/users/new".to_owned(), "/users/new".to_owned(), rocket::http::Method::Post),
("/api/v1/<endpoint>".to_owned(), "/api/v1/<endpoint>".to_owned(), rocket::http::Method::Post)
("/api/<path..>".to_owned(), "/api/<path..>".to_owned(), rocket::http::Method::Post)
])
.finalize().expect("main: csrf fairing creation error"))
.launch();