discourse/plugins/discourse-ai/assets/javascripts
Roman Rizzi aa3e44b32c
FIX: State-changing summary generation is exposed via GET (CSRFable navigation) (#40232)
## Summary

State-changing summary generation/streaming is exposed via a GET endpoint,
bypassing CSRF protection and allowing cross-site triggering of summary
generation and credit consumption.

## Source

- Patch Triage: https://patch.discourse.org/patch-triage/334
- Original commit:
https://github.com/discourse/discourse/blob/main/plugins/discourse-ai/app/controllers/discourse_ai/summarization/summary_controller.rb

---

🤖 Auto-generated from the patch diff via Patch Triage. Review carefully
before merging.

Co-authored-by: discourse-patch-triage
<272280883+discourse-patch-triage[bot]@users.noreply.github.com>

---------

Co-authored-by: discourse-patch-triage[bot] <272280883+discourse-patch-triage[bot]@users.noreply.github.com>
2026-05-22 13:59:21 -03:00
discourse FIX: State-changing summary generation is exposed via GET (CSRFable navigation) (#40232) 2026-05-22 13:59:21 -03:00
lib/discourse-markdown FEATURE: add thinking animation when thinking blocks are in progress (#36673) 2025-12-16 08:07:25 +11:00