Escape PuSH challenge and change subscriptions and salmon APIs to text/plain

This commit is contained in:
Eugen Rochko 2016-03-21 09:24:29 +01:00
parent 68931c1ee8
commit 2ba6537f52
2 changed files with 3 additions and 1 deletions

View file

@ -1,5 +1,6 @@
class Api::SalmonController < ApiController class Api::SalmonController < ApiController
before_action :set_account before_action :set_account
respond_to :txt
def update def update
ProcessInteractionService.new.(request.body.read, @account) ProcessInteractionService.new.(request.body.read, @account)

View file

@ -1,9 +1,10 @@
class Api::SubscriptionsController < ApiController class Api::SubscriptionsController < ApiController
before_action :set_account before_action :set_account
respond_to :txt
def show def show
if @account.subscription(api_subscription_url(@account.id)).valid?(params['hub.topic'], params['hub.verify_token']) if @account.subscription(api_subscription_url(@account.id)).valid?(params['hub.topic'], params['hub.verify_token'])
render text: params['hub.challenge'], status: 200 render text: HTMLEntities.new.encode(params['hub.challenge']), status: 200
else else
render nothing: true, status: 404 render nothing: true, status: 404
end end