From 879333fd3ce481460fda74a19e26d5e16ff008f8 Mon Sep 17 00:00:00 2001
From: Rob Vermaas <rob.vermaas@gmail.com>
Date: Thu, 14 Jun 2018 17:22:35 +0200
Subject: [PATCH] Make /api/push-github public for private Hydra instances.
 This makes it possible to use webhooks to trigger evaluations for private
 Hydra instances.

---
 src/lib/Hydra/Controller/Root.pm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/lib/Hydra/Controller/Root.pm b/src/lib/Hydra/Controller/Root.pm
index 1a4a57f4..146c37a4 100644
--- a/src/lib/Hydra/Controller/Root.pm
+++ b/src/lib/Hydra/Controller/Root.pm
@@ -26,6 +26,7 @@ sub noLoginNeeded {
   my $whitelisted = any { $_ eq $hostname } split(/,/, $readonly_ips);
 
   return $whitelisted ||
+         $c->request->path eq "api/push-github" ||
          $c->request->path eq "google-login" ||
          $c->request->path eq "login" ||
          $c->request->path eq "logo" ||
@@ -69,7 +70,7 @@ sub begin :Private {
     $_->supportedInputTypes($c->stash->{inputTypes}) foreach @{$c->hydra_plugins};
 
     # XSRF protection: require POST requests to have the same origin.
-    if ($c->req->method eq "POST") {
+    if ($c->req->method eq "POST" && $c->req->path ne "api/push-github") {
         my $referer = $c->req->header('Origin');
         $referer //= $c->req->header('Referer');
         my $base = $c->req->base;