Skip CSRF verification for changeset comment actions

Fixes #2057
2018-11-13 13:17:19 +00:00 · 2018-11-13 13:17:19 +00:00 · 4deffa5e40
commit 4deffa5e40
parent 3790dd2aba
1 changed files with 1 additions and 0 deletions
--- a/app/controllers/changeset_comments_controller.rb
+++ b/app/controllers/changeset_comments_controller.rb
@ -1,4 +1,5 @@
 class ChangesetCommentsController < ApplicationController
+  skip_before_action :verify_authenticity_token, :except => [:index]
  before_action :authorize_web, :only => [:index]
  before_action :set_locale, :only => [:index]
  before_action :authorize, :only => [:create, :destroy, :restore]