Allow to download javascript attachments again (#23376).

Patch by Holger Just. git-svn-id: http://svn.redmine.org/redmine/trunk@15856 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Jean-Philippe Lang <jp_lang@yahoo.fr> 2016-10-01 09:24:34 +0000
committer: Jean-Philippe Lang <jp_lang@yahoo.fr> 2016-10-01 09:24:34 +0000
commit: 76bf2404d5114bdb4fc03a314e5e01af1fb66b5f (patch)
tree: ea0f53a9e54b162d50b7910b9ad3f5e807a3320f /app
parent: d478785aeacd65e40570b1cd4513864efa5fbac4 (diff)
download: redmine-76bf2404d5114bdb4fc03a314e5e01af1fb66b5f.tar.gz
redmine-76bf2404d5114bdb4fc03a314e5e01af1fb66b5f.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb
index 7387809bf..19a51b9cc 100644
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -22,6 +22,10 @@ class AttachmentsController < ApplicationController
   before_action :delete_authorize, :only => :destroy
   before_action :authorize_global, :only => :upload
 
+  # Disable check for same origin requests for JS files, i.e. attachments with
+  # MIME type text/javascript.
+  skip_after_filter :verify_same_origin_request, :only => :download
+
   accept_api_auth :show, :download, :thumbnail, :upload, :destroy
 
   def show
author	Jean-Philippe Lang <jp_lang@yahoo.fr>	2016-10-01 09:24:34 +0000
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>	2016-10-01 09:24:34 +0000
commit	76bf2404d5114bdb4fc03a314e5e01af1fb66b5f (patch)
tree	ea0f53a9e54b162d50b7910b9ad3f5e807a3320f /app
parent	d478785aeacd65e40570b1cd4513864efa5fbac4 (diff)
download	redmine-76bf2404d5114bdb4fc03a314e5e01af1fb66b5f.tar.gz redmine-76bf2404d5114bdb4fc03a314e5e01af1fb66b5f.zip