summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--app/controllers/mail_handler_controller.rb3
-rw-r--r--test/functional/mail_handler_controller_test.rb7
2 files changed, 10 insertions, 0 deletions
diff --git a/app/controllers/mail_handler_controller.rb b/app/controllers/mail_handler_controller.rb
index aabc3cbac..fa69b829f 100644
--- a/app/controllers/mail_handler_controller.rb
+++ b/app/controllers/mail_handler_controller.rb
@@ -22,6 +22,9 @@ class MailHandlerController < ActionController::Base
before_action :check_credential
+ # Requests from rdm-mailhandler.rb don't contain CSRF tokens
+ skip_before_action :verify_authenticity_token
+
# Displays the email submission form
def new
end
diff --git a/test/functional/mail_handler_controller_test.rb b/test/functional/mail_handler_controller_test.rb
index 75f6fbef3..b77070d1d 100644
--- a/test/functional/mail_handler_controller_test.rb
+++ b/test/functional/mail_handler_controller_test.rb
@@ -170,4 +170,11 @@ class MailHandlerControllerTest < Redmine::ControllerTest
end
assert_response :success
end
+
+ def test_should_skip_verify_authenticity_token
+ ActionController::Base.allow_forgery_protection = true
+ assert_nothing_raised {test_should_create_issue}
+ ensure
+ ActionController::Base.allow_forgery_protection = false
+ end
end