fix(auth): allow any client to make a signout call (#38)

MozillaSocial · Sep 6, 2023 · 931c5d0 · 931c5d0
1 parent 1d53f73
commit 931c5d0
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb
@@ -7,6 +7,9 @@ class Auth::SessionsController < Devise::SessionsController
   skip_before_action :require_functional!
   skip_before_action :update_user_sign_in
 
+  # Allow any client to call /auth/sign_out via a delete call
+  skip_before_action :verify_authenticity_token, only: [:destroy]
+
   prepend_before_action :check_suspicious!, only: [:create]
 
   include TwoFactorAuthenticationConcern