From d2d572e6564d4e1abd7603531ef8311d7f0c5ce8 Mon Sep 17 00:00:00 2001
From: David Taylor <david@taylorhq.com>
Date: Fri, 16 May 2025 09:14:42 +0100
Subject: [PATCH] FIX: AI share page assets via CDN on login-required sites

AI share page assets are loaded via the app CDN, which means the requests have no authentication and will never appear to the app as "logged in". Therefore we should skip the `redirect_to_login_if_required` before_action.
---
 .../discourse_ai/ai_bot/shared_ai_conversations_controller.rb   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/controllers/discourse_ai/ai_bot/shared_ai_conversations_controller.rb b/app/controllers/discourse_ai/ai_bot/shared_ai_conversations_controller.rb
index f58d350c7..3d86b2d47 100644
--- a/app/controllers/discourse_ai/ai_bot/shared_ai_conversations_controller.rb
+++ b/app/controllers/discourse_ai/ai_bot/shared_ai_conversations_controller.rb
@@ -8,7 +8,7 @@ class SharedAiConversationsController < ::ApplicationController
       before_action :require_site_settings!
 
       skip_before_action :preload_json, :check_xhr, only: %i[show asset]
-      skip_before_action :verify_authenticity_token, only: ["asset"]
+      skip_before_action :redirect_to_login_if_required, :verify_authenticity_token, only: %i[asset]
 
       def create
         ensure_allowed_create!