authorMarius Balteanu <marius.balteanu@zitec.com>2022-05-12 05:55:12 +0000
committerMarius Balteanu <marius.balteanu@zitec.com>2022-05-12 05:55:12 +0000
commita79fb7434ff4fb68d393412478d7611e02bc18ba (patch)
treec0289d1c69e06bd4a562b2c63d61794f8795fd7d
parent88d033f7f666385263a256b15b78374c81a68bd7 (diff)
Merged r21568 to 5.0-stable (#37030).
git-svn-id: https://svn.redmine.org/redmine/branches/5.0-stable@21572 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r--app/controllers/mail_handler_controller.rb3
-rw-r--r--test/functional/mail_handler_controller_test.rb7
2 files changed, 10 insertions, 0 deletions
diff --git a/app/controllers/mail_handler_controller.rb b/app/controllers/mail_handler_controller.rb
index aabc3cbac..fa69b829f 100644
--- a/app/controllers/mail_handler_controller.rb
+++ b/app/controllers/mail_handler_controller.rb
@@ -22,6 +22,9 @@ class MailHandlerController < ActionController::Base
before_action :check_credential
+ # Requests from rdm-mailhandler.rb don't contain CSRF tokens
+ skip_before_action :verify_authenticity_token
+
# Displays the email submission form
def new
end
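Review bot: The added `skip_before_action :verify_authenticity_token` turns off CSRF verification for every action of the controller, which leaves `check_credential` as the only gate on incoming requests, and the comment does not say why that is sufficient. The body of `check_credential` is outside this hunk; assuming it validates a key sent with the request rather than a browser session, the skip is sound, and the comment should record that, for example `# Requests from rdm-mailhandler.rb carry no CSRF token; they are authenticated by check_credential (request key, not a session cookie)`. Consider restricting the skip with the `only:` option to the action that receives the POST, so that an action added later keeps forgery protection by default. The class body continues past the end of the hunk.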
diff --git a/test/functional/mail_handler_controller_test.rb b/test/functional/mail_handler_controller_test.rb
index 75f6fbef3..b77070d1d 100644
--- a/test/functional/mail_handler_controller_test.rb
+++ b/test/functional/mail_handler_controller_test.rb
@@ -170,4 +170,11 @@ class MailHandlerControllerTest < Redmine::ControllerTest
end
assert_response :success
end
+
+ def test_should_skip_verify_authenticity_token
+ ActionController::Base.allow_forgery_protection = true
+ assert_nothing_raised {test_should_create_issue}
+ ensure
+ ActionController::Base.allow_forgery_protection = false
+ end
end
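Review bot: The `ensure` branch of `test_should_skip_verify_authenticity_token` forces the global `ActionController::Base.allow_forgery_protection` to `false` instead of restoring whatever value was in effect before the test, so it silently changes the setting for later tests if the suite ever runs with protection enabled. Saving it first with `previous = ActionController::Base.allow_forgery_protection` and restoring it with `ActionController::Base.allow_forgery_protection = previous` avoids that. The test also covers only the accepted path; a companion case that enables forgery protection and posts without a valid key, asserting the request is still refused, would pin that skipping the token check did not weaken the credential check. Whether such a case already exists elsewhere in the file cannot be seen from this hunk.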