activity feed: restrict csrf_token usage unless logged in to prevent cookie setting, remove the unused rack-cache

2025-08-06 01:24:56 +02:00 · 2025-04-24 17:54:37 -05:00 · 2025-04-24 17:54:37 -05:00 · e21e20b32e
commit e21e20b32e
parent 9479ca05d0
9 changed files with 34 additions and 45 deletions
--- a/app/activity.rb
+++ b/app/activity.rb
@ -1,6 +1,4 @@
 get '/activity' do
-  #expires 7200, :public, :must_revalidate if self.class.production? # 2 hours
-
  @page = params[:page] || 1

  if params[:tag]
--- a/app/admin.rb
+++ b/app/admin.rb
@ -75,7 +75,6 @@ end

 get '/admin/stats' do
  require_admin
-  # expires 14400, :public, :must_revalidate if self.class.production? # 4 hours

  @stats = {
    total_hosted_site_hits: DB['SELECT SUM(hits) FROM sites'].first[:sum],