self-hosted/focalboard
1
0
Fork 0
mirror of https://github.com/mattermost/focalboard.git synced 2025-07-03 23:30:29 +02:00
Code Issues Releases Activity

Don't require CSRF token for get files

Browse Source
This commit is contained in:
Chen-I Lim
2021-02-05 10:45:28 -08:00
parent b2a3dafbb2
commit c484eb8c43
2 changed files with 9 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
server/api/api.go
View File

@ -55,6 +55,8 @@ func (a *API) RegisterRoutes(r *mux.Router) {
apiv1.HandleFunc("/login", a.handleLogin).Methods("POST")
apiv1.HandleFunc("/register", a.handleRegister).Methods("POST")
apiv1.HandleFunc("/files", a.sessionRequired(a.handleUploadFile)).Methods("POST")
apiv1.HandleFunc("/blocks/export", a.sessionRequired(a.handleExport)).Methods("GET")
apiv1.HandleFunc("/blocks/import", a.sessionRequired(a.handleImport)).Methods("POST")
@ -64,12 +66,9 @@ func (a *API) RegisterRoutes(r *mux.Router) {
apiv1.HandleFunc("/workspace", a.sessionRequired(a.handleGetWorkspace)).Methods("GET")
apiv1.HandleFunc("/workspace/regenerate_signup_token", a.sessionRequired(a.handlePostWorkspaceRegenerateSignupToken)).Methods("POST")
// Files API
// Get Files API
files := r.PathPrefix("/files/").Subrouter()
files.Use(a.requireCSRFToken)
files.HandleFunc("/", a.sessionRequired(a.handleUploadFile)).Methods("POST")
files.HandleFunc("/{filename}", a.sessionRequired(a.handleServeFile)).Methods("GET")
}