author | Go MAEDA <maeda@farend.jp> | 2022-08-10 01:34:37 +0000 |
---|---|---|
committer | Go MAEDA <maeda@farend.jp> | 2022-08-10 01:34:37 +0000 |
commit | d38f97ce473467e5089f46af3eca4103898be8e5 (patch) | |
tree | cf3aef22e35b86ffbd069c1c372c619b193bf790 | |
parent | 6ef581d2571d3c1a95c52e5a284fe4b46f7c6dde (diff) | |
POST Requests to repository WS fail with "Can't verify CSRF token authenticity" (#37562).
Patch by Go MAEDA.
git-svn-id: https://svn.redmine.org/redmine/trunk@21766 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r-- | app/controllers/sys_controller.rb | 3 | ||||
-rw-r--r-- | test/functional/sys_controller_test.rb | 7 |
2 files changed, 10 insertions, 0 deletions
diff --git a/app/controllers/sys_controller.rb b/app/controllers/sys_controller.rb
index 4295eed67..9dfd41891 100644
--- a/app/controllers/sys_controller.rb
+++ b/app/controllers/sys_controller.rb
@@ -22,6 +22,9 @@ class SysController < ActionController::Base
 before_action :check_enabled
+ # Requests from repository WS clients don't contain CSRF tokens
+ skip_before_action :verify_authenticity_token
+
 def projects
 p = Project.active.has_module(:repository).
 order("#{Project.table_name}.identifier").preload(:repository).to_a
diff --git a/test/functional/sys_controller_test.rb b/test/functional/sys_controller_test.rb
index edc5c4945..5a6741fd8 100644
--- a/test/functional/sys_controller_test.rb
+++ b/test/functional/sys_controller_test.rb
@@ -143,4 +143,11 @@ class SysControllerTest < Redmine::ControllerTest
 assert_include 'Access denied', response.body
 end
 end
+
+ def test_should_skip_verify_authenticity_token
+ ActionController::Base.allow_forgery_protection = true
+ assert_nothing_raised {test_create_project_repository}
+ ensure
+ ActionController::Base.allow_forgery_protection = false
+ end
 end |
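Review bot: The comment above `skip_before_action :verify_authenticity_token` explains why the token is missing but not what protects these actions instead, and the skip applies to every action in SysController. With forgery protection off, access control rests entirely on `check_enabled`, whose body is outside this hunk; it presumably validates the WS key, and it is worth confirming that it does not depend on any session state. I would reword the comment to `# Repository WS clients authenticate through check_enabled, not a session cookie, so no CSRF token is sent or needed`. If the Rails version in use provides it, `skip_forgery_protection` expresses the same intent and does not raise when the callback was never registered.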
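Review bot: The `ensure` in `test_should_skip_verify_authenticity_token` resets `ActionController::Base.allow_forgery_protection` to a hard-coded `false` rather than the value it had before the test, so a suite configured differently would be left in the wrong state. Saving it first with `saved = ActionController::Base.allow_forgery_protection` and restoring it with `ActionController::Base.allow_forgery_protection = saved` keeps the global setting intact. The test also proves its point only by not raising while re-running `test_create_project_repository`, which is defined outside this hunk; asserting the response status directly here would show that the POST was accepted with forgery protection enabled, not merely that nothing was raised.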