Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
don't CSRF-protect the instfs backchannel
it's protected by JWT authentication instead test-plan: - when running in an environment with CSRF protection enabled (i.e. not development, e.g. test) - with instfs plugin enabled and service running and configured - try to upload a file - upload should complete without error - in same setup (CSRF protected), try and initiate a file upload outside of the canvas UI, e.g. with curl - should still be blocked by CSRF protection Change-Id: If26d262b4cfb87ddfeb6fffca3493b7d56da7586 Reviewed-on: https://gerrit.instructure.com/130026 Reviewed-by: Andrew Huff <ahuff@instructure.com> QA-Review: Collin Parrish <cparrish@instructure.com> Tested-by: Jenkins Product-Review: Jacob Fugal <jacob@instructure.com>
- Loading branch information