Skip to content

Exclude random from requiring XSRF token #4040

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ildyria merged 1 commit into from
Jan 28, 2026
Merged

Exclude random from requiring XSRF token #4040

ildyria merged 1 commit into from
Jan 28, 2026
+1 −0

Conversation

@ildyria
Copy link
Member

@ildyria ildyria commented Jan 28, 2026
edited by coderabbitai bot
Loading

Summary by CodeRabbit

  • Bug Fixes
    • Updated the photo retrieval API endpoint to be accessible without CSRF token verification, allowing external requests to function properly.

✏️ Tip: You can customize this high-level summary in your review settings.

@ildyria ildyria requested a review from a team as a code owner January 28, 2026 16:22
@coderabbitai
Copy link

coderabbitai bot commented Jan 28, 2026
edited
Loading

📝 Walkthrough

Walkthrough

A single URI endpoint /api/v2/Photo::random has been added to the CSRF-exempted routes in the VerifyCsrfToken middleware, allowing this endpoint to bypass CSRF verification while all other routes maintain their existing protection.

Changes

Cohort / File(s) Summary
CSRF Exemption Configuration
app/Http/Middleware/VerifyCsrfToken.php		 Added /api/v2/Photo::random to the $except array, exempting this endpoint from CSRF token validation

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A photo endpoint hops so free,
CSRF checks now set to flee—
One line of change, secure yet light,
The random snap escapes the knight!

🚥 Pre-merge checks | ✅ 1
✅ Passed checks (1 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@ildyria ildyria merged commit d2d064a into master Jan 28, 2026
44 checks passed
@ildyria ildyria deleted the fix-random branch January 28, 2026 17:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ildyria