From 77d3a38e49e01b6b75220af3f535ea7229dd20b7 Mon Sep 17 00:00:00 2001
From: David Taylor <david@taylorhq.com>
Date: Fri, 16 May 2025 09:30:38 +0100
Subject: [PATCH] FIX: AI share page assets via CDN on login-required sites
 (#1343)

AI share page assets are loaded via the app CDN, which means the requests have no authentication and will never appear to the app as "logged in". Therefore we should skip the `redirect_to_login_if_required` before_action.
---
 .../discourse_ai/ai_bot/shared_ai_conversations_controller.rb   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/controllers/discourse_ai/ai_bot/shared_ai_conversations_controller.rb b/app/controllers/discourse_ai/ai_bot/shared_ai_conversations_controller.rb
index f58d350c..3d86b2d4 100644
--- a/app/controllers/discourse_ai/ai_bot/shared_ai_conversations_controller.rb
+++ b/app/controllers/discourse_ai/ai_bot/shared_ai_conversations_controller.rb
@@ -8,7 +8,7 @@ module DiscourseAi
       before_action :require_site_settings!
 
       skip_before_action :preload_json, :check_xhr, only: %i[show asset]
-      skip_before_action :verify_authenticity_token, only: ["asset"]
+      skip_before_action :redirect_to_login_if_required, :verify_authenticity_token, only: %i[asset]
 
       def create
         ensure_allowed_create!