API requests from Obsidian are blocked for including "Sec-Fetch-Site: none" #2939
Unanswered
alltom
asked this question in
Ideas and Issue Triage
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
request_forgery_protection.rb allows JSON requests that don't specify Sec-Fetch-Site, but it blocks API requests from Obsidian (and probably other Electron apps), which include
Sec-Fetch-Site: none.What about changing
sec_fetch_site_value.nil?tosec_fetch_site_value.nil? || request.authorization.to_s.include?("Bearer")?Beta Was this translation helpful? Give feedback.
All reactions