Files
Jeremy Daer 49f06d0b22 Address review: keep disk PUT CSRF-exempt, use intent helpers
- Including Authentication re-arms protect_from_forgery on DiskController.
  Active Storage's direct-upload service PUT (#update) sends only signed
  service headers and no CSRF token, so a real authenticated upload would
  422 storing bytes. Re-exempt #update from forgery protection; the signed
  URL token and session check still gate the write.
- Swap the raw skip_before_action for the Authentication concern's
  intent-revealing allow_unauthenticated_access / allow_bot_access helpers
  on #show, matching the rest of the app.
- Scope the test's ActiveStorage::Current.url_options override to a
  set { } block so it can't leak thread-local state into later tests.
2026-06-15 13:10:59 -07:00
..
2025-08-21 09:31:59 +01:00
2025-12-01 13:50:53 +01:00
2025-08-21 09:31:59 +01:00
2025-08-21 09:31:59 +01:00
2025-08-21 09:31:59 +01:00
2025-08-21 09:31:59 +01:00
2025-08-21 09:31:59 +01:00
2025-08-21 09:31:59 +01:00
2025-08-21 09:31:59 +01:00
2025-11-26 14:30:38 +00:00
2025-08-21 09:31:59 +01:00