From 2edcf58d64421cedf279c3997a1457424d54b428 Mon Sep 17 00:00:00 2001
From: f <f@sutty.nl>
Date: Wed, 12 Feb 2020 12:22:37 -0300
Subject: [PATCH] no aplicar protecciones al recibir reportes CSP

An ActionController::InvalidAuthenticityToken occurred in
csp_reports#create:

The browser returned a 'null' origin for a request with origin-based
forgery protection turned on.  This usually means you have the
'no-referrer' Referrer-Policy header enabled, or that the request came
from a site that refused to give its origin.  This makes it impossible
for Rails to verify the source of the requests.  Likely the best
solution is to change your referrer policy to something less strict like
same-origin or strict-origin.  If you cannot change the referrer policy,
you can disable origin checking with the
Rails.application.config.action_controller.forgery_protection_origin_check
setting.
---
 app/controllers/api/v1/csp_reports_controller.rb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/app/controllers/api/v1/csp_reports_controller.rb b/app/controllers/api/v1/csp_reports_controller.rb
index cdce92d6..1c1ef0a0 100644
--- a/app/controllers/api/v1/csp_reports_controller.rb
+++ b/app/controllers/api/v1/csp_reports_controller.rb
@@ -4,6 +4,8 @@ module Api
   module V1
     # Recibe los reportes de Content Security Policy
     class CspReportsController < BaseController
+      skip_forgery_protection
+
       # Crea un reporte de CSP intercambiando los guiones medios por
       # bajos
       #