no aplicar protecciones al recibir reportes CSP

An ActionController::InvalidAuthenticityToken occurred in
csp_reports#create:

The browser returned a 'null' origin for a request with origin-based
forgery protection turned on.  This usually means you have the
'no-referrer' Referrer-Policy header enabled, or that the request came
from a site that refused to give its origin.  This makes it impossible
for Rails to verify the source of the requests.  Likely the best
solution is to change your referrer policy to something less strict like
same-origin or strict-origin.  If you cannot change the referrer policy,
you can disable origin checking with the
Rails.application.config.action_controller.forgery_protection_origin_check
setting.
This commit is contained in:
f 2020-02-12 12:22:37 -03:00
parent 1b0cec9005
commit 2edcf58d64
No known key found for this signature in database
GPG key ID: 2AE5A13E321F953D

View file

@ -4,6 +4,8 @@ module Api
module V1
# Recibe los reportes de Content Security Policy
class CspReportsController < BaseController
skip_forgery_protection
# Crea un reporte de CSP intercambiando los guiones medios por
# bajos
#