1. 06 Mar, 2019 1 commit
    • Bob Van Landuyt's avatar
      Allow GraphQL requests without CSRF token · b623932e
      Bob Van Landuyt authored
      With this we allow authentication using a session or using personal
      access token.
      
      Authentication using a session, and CSRF token makes it easy to play
      with GraphQL from the Graphiql endpoint we expose.
      
      But we cannot enforce CSRF validity, otherwise authentication for
      regular API clients would fail when they use personal access tokens to
      authenticate.
      b623932e