From: Marius Balteanu <marius.balteanu@zitec.com>
Date: Thu, 12 May 2022 05:55:12 +0000 (+0000)
Subject: Merged r21568 to 5.0-stable (#37030).
X-Git-Tag: 5.0.1~5
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=a79fb7434ff4fb68d393412478d7611e02bc18ba;p=redmine.git

Merged r21568 to 5.0-stable (#37030).

git-svn-id: https://svn.redmine.org/redmine/branches/5.0-stable@21572 e93f8b46-1217-0410-a6f0-8f06a7374b81
---

diff --git a/app/controllers/mail_handler_controller.rb b/app/controllers/mail_handler_controller.rb
index aabc3cbac..fa69b829f 100644
--- a/app/controllers/mail_handler_controller.rb
+++ b/app/controllers/mail_handler_controller.rb
@@ -22,6 +22,9 @@ class MailHandlerController < ActionController::Base
 
   before_action :check_credential
 
+  # Requests from rdm-mailhandler.rb don't contain CSRF tokens
+  skip_before_action :verify_authenticity_token
+
   # Displays the email submission form
   def new
   end
diff --git a/test/functional/mail_handler_controller_test.rb b/test/functional/mail_handler_controller_test.rb
index 75f6fbef3..b77070d1d 100644
--- a/test/functional/mail_handler_controller_test.rb
+++ b/test/functional/mail_handler_controller_test.rb
@@ -170,4 +170,11 @@ class MailHandlerControllerTest < Redmine::ControllerTest
     end
     assert_response :success
   end
+
+  def test_should_skip_verify_authenticity_token
+    ActionController::Base.allow_forgery_protection = true
+    assert_nothing_raised {test_should_create_issue}
+  ensure
+    ActionController::Base.allow_forgery_protection = false
+  end
 end