From 47ac579f092cef9128fa0c74798ecaffa2c888f9 Mon Sep 17 00:00:00 2001
From: Unknwon <u@gogs.io>
Date: Wed, 19 Aug 2015 04:58:45 +0800
Subject: only assign auto-admin when sign up by web

---
 modules/middleware/auth.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules/middleware/auth.go')

diff --git a/modules/middleware/auth.go b/modules/middleware/auth.go
index db643ccf28..f607460037 100644
--- a/modules/middleware/auth.go
+++ b/modules/middleware/auth.go
@@ -80,7 +80,7 @@ func Toggle(options *ToggleOptions) macaron.Handler {
 			return
 		}
 
-		if !options.SignOutRequire && !options.DisableCsrf && ctx.Req.Method == "POST" {
+		if !options.SignOutRequire && !options.DisableCsrf && ctx.Req.Method == "POST" && !auth.IsAPIPath(ctx.Req.URL.Path) {
 			csrf.Validate(ctx.Context, ctx.csrf)
 			if ctx.Written() {
 				return
-- 
cgit v1.2.3