diff options
author | Marius Balteanu <marius.balteanu@zitec.com> | 2022-05-12 05:55:12 +0000 |
---|---|---|
committer | Marius Balteanu <marius.balteanu@zitec.com> | 2022-05-12 05:55:12 +0000 |
commit | a79fb7434ff4fb68d393412478d7611e02bc18ba (patch) | |
tree | c0289d1c69e06bd4a562b2c63d61794f8795fd7d | |
parent | 88d033f7f666385263a256b15b78374c81a68bd7 (diff) | |
download | redmine-a79fb7434ff4fb68d393412478d7611e02bc18ba.tar.gz redmine-a79fb7434ff4fb68d393412478d7611e02bc18ba.zip |
Merged r21568 to 5.0-stable (#37030).
git-svn-id: https://svn.redmine.org/redmine/branches/5.0-stable@21572 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r-- | app/controllers/mail_handler_controller.rb | 3 | ||||
-rw-r--r-- | test/functional/mail_handler_controller_test.rb | 7 |
2 files changed, 10 insertions, 0 deletions
diff --git a/app/controllers/mail_handler_controller.rb b/app/controllers/mail_handler_controller.rb index aabc3cbac..fa69b829f 100644 --- a/app/controllers/mail_handler_controller.rb +++ b/app/controllers/mail_handler_controller.rb @@ -22,6 +22,9 @@ class MailHandlerController < ActionController::Base before_action :check_credential + # Requests from rdm-mailhandler.rb don't contain CSRF tokens + skip_before_action :verify_authenticity_token + # Displays the email submission form def new end diff --git a/test/functional/mail_handler_controller_test.rb b/test/functional/mail_handler_controller_test.rb index 75f6fbef3..b77070d1d 100644 --- a/test/functional/mail_handler_controller_test.rb +++ b/test/functional/mail_handler_controller_test.rb @@ -170,4 +170,11 @@ class MailHandlerControllerTest < Redmine::ControllerTest end assert_response :success end + + def test_should_skip_verify_authenticity_token + ActionController::Base.allow_forgery_protection = true + assert_nothing_raised {test_should_create_issue} + ensure + ActionController::Base.allow_forgery_protection = false + end end |