authorJean-Philippe Lang <jp_lang@yahoo.fr>2013-11-22 22:57:30 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2013-11-22 22:57:30 +0000
commit5c0078c63a201a42b972d6b2869ec21810da0b95 (patch)
treeb7dfd537c350288296ecd57fe3c876e2f5d845da /app/controllers/application_controller.rb
parentbba304ef390789627052d235c1f2bfd2227e4f2c (diff)
Fixed that non-GET API requests respond with 422 (#15427).
git-svn-id: http://svn.redmine.org/redmine/trunk@12311 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/controllers/application_controller.rb')
-rw-r--r--app/controllers/application_controller.rb16
1 files changed, 11 insertions, 5 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index fa97b179c..228be479e 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -33,13 +33,19 @@ class ApplicationController < ActionController::Base
layout 'base'
protect_from_forgery
+
+ def verify_authenticity_token
+ unless api_request?
+ super
+ end
+ end
+
def handle_unverified_request
- super
- cookies.delete(autologin_cookie_name)
- if api_request?
- logger.error "API calls must include a proper Content-type header (application/xml or application/json)."
+ unless api_request?
+ super
+ cookies.delete(autologin_cookie_name)
+ render_error :status => 422, :message => "Invalid form authenticity token."
end
- render_error :status => 422, :message => "Invalid form authenticity token."
end
before_filter :session_expiration, :user_setup, :check_if_login_required, :check_password_change, :set_localization
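Review bot: The new `verify_authenticity_token` override skips CSRF verification whenever `api_request?` is true, so the protection now depends entirely on that predicate, which is defined outside this hunk, and on how API requests are authenticated. If the predicate is derived from something the client chooses, such as the requested format, and a browser session or autologin cookie can still authenticate that request, a state-changing request would be accepted without a token. I would tie the exemption to the credential rather than the format, skipping the check only when the request was authenticated by an API key or HTTP auth, or ensure session cookies are ignored for API requests. A comment above the override such as `# CSRF check skipped for API requests; these must never be authenticated from the session cookie` would record the invariant. The `unless api_request?` guard in `handle_unverified_request` also looks unreachable for API requests now, since the override never calls `super` for them.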