diff options
Diffstat (limited to 'app')
| -rw-r--r-- | app/controllers/attachments_controller.rb | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb index 7387809bf..19a51b9cc 100644 --- a/app/controllers/attachments_controller.rb +++ b/app/controllers/attachments_controller.rb @@ -22,6 +22,10 @@ class AttachmentsController < ApplicationController before_action :delete_authorize, :only => :destroy before_action :authorize_global, :only => :upload + # Disable check for same origin requests for JS files, i.e. attachments with + # MIME type text/javascript. + skip_after_filter :verify_same_origin_request, :only => :download + accept_api_auth :show, :download, :thumbnail, :upload, :destroy def show |