authorGo MAEDA <maeda@farend.jp>2022-08-10 01:39:30 +0000
committerGo MAEDA <maeda@farend.jp>2022-08-10 01:39:30 +0000
commit50e6f9535ef024feac415bee254dffa537efe383 (patch)
treec3200e9f8f9cb333ef97c952812a6e874d000180
parent827239000a20c5190074f04451c41308d28faf4e (diff)
downloadredmine-50e6f9535ef024feac415bee254dffa537efe383.tar.gz
redmine-50e6f9535ef024feac415bee254dffa537efe383.zip
Merged r21766 from trunk to 5.0-stable (#37562).
git-svn-id: https://svn.redmine.org/redmine/branches/5.0-stable@21767 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r--app/controllers/sys_controller.rb3
-rw-r--r--test/functional/sys_controller_test.rb7
2 files changed, 10 insertions, 0 deletions
diff --git a/app/controllers/sys_controller.rb b/app/controllers/sys_controller.rb
index 4295eed67..9dfd41891 100644
--- a/app/controllers/sys_controller.rb
+++ b/app/controllers/sys_controller.rb
@@ -22,6 +22,9 @@ class SysController < ActionController::Base
before_action :check_enabled
+ # Requests from repository WS clients don't contain CSRF tokens
+ skip_before_action :verify_authenticity_token
+
def projects
p = Project.active.has_module(:repository).
order("#{Project.table_name}.identifier").preload(:repository).to_a
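Review bot: The comment above the added `skip_before_action :verify_authenticity_token` says why the token is absent but not why dropping the check is safe, which is what a later maintainer needs to know. If these actions are authorised by a key in the request rather than by a session cookie, as the visible `before_action :check_enabled` suggests, state that: `# Safe to skip: requests are authorised in check_enabled, not by a session cookie`. `check_enabled` is defined outside this hunk, so confirm that before adding the comment. Separately, `skip_before_action` raises ArgumentError at class load when the callback was never defined, which may happen if default forgery protection is disabled in configuration; `skip_forgery_protection` or `skip_before_action :verify_authenticity_token, raise: false` avoids that.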
diff --git a/test/functional/sys_controller_test.rb b/test/functional/sys_controller_test.rb
index edc5c4945..5a6741fd8 100644
--- a/test/functional/sys_controller_test.rb
+++ b/test/functional/sys_controller_test.rb
@@ -143,4 +143,11 @@ class SysControllerTest < Redmine::ControllerTest
assert_include 'Access denied', response.body
end
end
+
+ def test_should_skip_verify_authenticity_token
+ ActionController::Base.allow_forgery_protection = true
+ assert_nothing_raised {test_create_project_repository}
+ ensure
+ ActionController::Base.allow_forgery_protection = false
+ end
end
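Review bot: The `ensure` in `test_should_skip_verify_authenticity_token` forces `allow_forgery_protection` to `false` instead of restoring its previous value, so the test changes global state if the suite ever runs with protection enabled. Capture it first with `saved = ActionController::Base.allow_forgery_protection` and restore it with `ActionController::Base.allow_forgery_protection = saved`. `assert_nothing_raised` also proves the skip only if a missing token raises under the configured forgery strategy. If the application uses a session-resetting strategy instead, the test would pass even without the skip, so asserting on the response status or body would pin the behaviour more directly. The test reuses `test_create_project_repository`, which is defined outside this hunk.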