Merged r12311 (#15427).

git-svn-id: http://svn.redmine.org/redmine/branches/2.4-stable@12312 e93f8b46-1217-0410-a6f0-8f06a7374b81
2026-03-23 12:51:02 +01:00 · 2013-11-22 23:28:12 +00:00
parent 1cf93f6e32
commit a74ffeff07
2 changed files with 53 additions and 6 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -33,13 +33,19 @@ class ApplicationController < ActionController::Base
  layout 'base'

  protect_from_forgery
-  def handle_unverified_request
-    super
-    cookies.delete(autologin_cookie_name)
-    if api_request?
-      logger.error "API calls must include a proper Content-type header (application/xml or application/json)."
+
+  def verify_authenticity_token
+    unless api_request?
+      super
+    end
+  end
+
+  def handle_unverified_request
+    unless api_request?
+      super
+      cookies.delete(autologin_cookie_name)
+      render_error :status => 422, :message => "Invalid form authenticity token."
    end
-    render_error :status => 422, :message => "Invalid form authenticity token."
  end

  before_filter :session_expiration, :user_setup, :check_if_login_required, :check_password_change, :set_localization