Defect #37562 ยป 37562.patch
| app/controllers/sys_controller.rb | ||
|---|---|---|
| 22 | 22 | |
| 23 | 23 |
before_action :check_enabled |
| 24 | 24 | |
| 25 |
# Requests from repository WS clients don't contain CSRF tokens |
|
| 26 |
skip_before_action :verify_authenticity_token |
|
| 27 | ||
| 25 | 28 |
def projects |
| 26 | 29 |
p = Project.active.has_module(:repository). |
| 27 | 30 |
order("#{Project.table_name}.identifier").preload(:repository).to_a
|
| test/functional/sys_controller_test.rb | ||
|---|---|---|
| 143 | 143 |
assert_include 'Access denied', response.body |
| 144 | 144 |
end |
| 145 | 145 |
end |
| 146 | ||
| 147 |
def test_should_skip_verify_authenticity_token |
|
| 148 |
ActionController::Base.allow_forgery_protection = true |
|
| 149 |
assert_nothing_raised {test_create_project_repository}
|
|
| 150 |
ensure |
|
| 151 |
ActionController::Base.allow_forgery_protection = false |
|
| 152 |
end |
|
| 146 | 153 |
end |