Update ApplicationController to allow API requests (nanego#97)

pantographe · Oct 18, 2023 · f1aacca · f1aacca
1 parent ce7fce6
commit f1aacca
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -10,7 +10,8 @@ class ApplicationController < ActionController::Base
 
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
-  protect_from_forgery with: :exception
+  protect_from_forgery with: :exception, unless: -> { request.format.json? }
+  protect_from_forgery with: :null_session, if: -> { request.format.json? }
 
   rescue_from ActiveRecord::RecordNotFound, with: :show_not_found_error