    Allow GraphQL requests without CSRF token · b623932e
    Bob Van Landuyt authored
    With this we allow authentication using a session or using a personal
    access token.
    
    Authentication using a session and CSRF token makes it easy to play
    with GraphQL from the GraphiQL endpoint we expose.
    
    But we cannot enforce CSRF validity, otherwise authentication for
    regular API clients would fail when they use personal access tokens to
    authenticate.
graphql_spec.rb 2.49 KB