summaryrefslogtreecommitdiffstats
path: root/app
diff options
context:
space:
mode:
authorJean-Philippe Lang <jp_lang@yahoo.fr>2016-10-02 10:22:30 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2016-10-02 10:22:30 +0000
commit31825ff1ee663d1f9478d9587c89c903f4eac474 (patch)
treeaae8d98528ff9af2f9d846ce372930b43a53af89 /app
parentdce9b21f3fcf19e9ac062f253d7c6312e8ace247 (diff)
downloadredmine-31825ff1ee663d1f9478d9587c89c903f4eac474.tar.gz
redmine-31825ff1ee663d1f9478d9587c89c903f4eac474.zip
Merged r15856 (#23376).
git-svn-id: http://svn.redmine.org/redmine/branches/3.3-stable@15877 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app')
-rw-r--r--app/controllers/attachments_controller.rb4
1 files changed, 4 insertions, 0 deletions
diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb
index ea45397ef..ec7cb7936 100644
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -22,6 +22,10 @@ class AttachmentsController < ApplicationController
before_filter :delete_authorize, :only => :destroy
before_filter :authorize_global, :only => :upload
+ # Disable check for same origin requests for JS files, i.e. attachments with
+ # MIME type text/javascript.
+ skip_after_filter :verify_same_origin_request, :only => :download
+
accept_api_auth :show, :download, :thumbnail, :upload, :destroy
def show