Don't verify CSRF authenticity token in mail handler (#37030).
authorMarius Balteanu <marius.balteanu@zitec.com>
Wed, 11 May 2022 20:09:16 +0000 (20:09 +0000)
committerMarius Balteanu <marius.balteanu@zitec.com>
Wed, 11 May 2022 20:09:16 +0000 (20:09 +0000)
Patch by Go MAEDA.

git-svn-id: https://svn.redmine.org/redmine/trunk@21568 e93f8b46-1217-0410-a6f0-8f06a7374b81

app/controllers/mail_handler_controller.rb
test/functional/mail_handler_controller_test.rb

index aabc3cbac18073ec8422ef0ae7deb54fc506c392..fa69b829f0412807d6088b61d9994b102dec8363 100644 (file)
@@ -22,6 +22,9 @@ class MailHandlerController < ActionController::Base
 
   before_action :check_credential
 
+  # Requests from rdm-mailhandler.rb don't contain CSRF tokens
+  skip_before_action :verify_authenticity_token
+
   # Displays the email submission form
   def new
   end
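Review bot: The comment above the added `skip_before_action :verify_authenticity_token` says why the token is missing but not why dropping the check is safe. Once CSRF verification is skipped, `check_credential` (defined outside this hunk) is the only gate on the controller, so the comment should say so, for example `# Requests from rdm-mailhandler.rb carry no CSRF token; they are authenticated by check_credential, not by a browser session`. The skip is also unscoped and therefore applies to every action in the class, including `new`; if only the submission action needs it, an `only:` option would keep the exemption as narrow as possible. The class body continues past the end of the hunk, so the other actions are not visible here.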
index 75f6fbef3bc15e1e02e93aa287f4df2c54a78360..b77070d1d91aa4bf449b477f5313a8c733415d68 100644 (file)
@@ -170,4 +170,11 @@ class MailHandlerControllerTest < Redmine::ControllerTest
     end
     assert_response :success
   end
+
+  def test_should_skip_verify_authenticity_token
+    ActionController::Base.allow_forgery_protection = true
+    assert_nothing_raised {test_should_create_issue}
+  ensure
+    ActionController::Base.allow_forgery_protection = false
+  end
 end
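Review bot: The `ensure` branch of `test_should_skip_verify_authenticity_token` hard-codes `ActionController::Base.allow_forgery_protection = false` rather than restoring the value that was in effect before the test, so the test quietly depends on the test environment's setting. Capturing it first with `original = ActionController::Base.allow_forgery_protection` and ending with `ActionController::Base.allow_forgery_protection = original` leaves the global flag as it was found. The test only shows that a request is accepted with forgery protection switched on. `test_should_create_issue` is outside the hunk, so it cannot be seen here whether a request with a wrong or missing key is still rejected under the same setting, which is the check that matters now that CSRF verification is skipped.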