Don't verify CSRF authenticity token in mail handler (#37030).

Patch by Go MAEDA. git-svn-id: https://svn.redmine.org/redmine/trunk@21568 e93f8b46-1217-0410-a6f0-8f06a7374b81
2026-02-10 12:45:24 +00:00 · 2022-05-11 20:09:16 +00:00 · 2022-05-11 20:09:16 +00:00 · 1d02d8ec0b
commit 1d02d8ec0b
parent 5e1e8684fc
2 changed files with 10 additions and 0 deletions
--- a/app/controllers/mail_handler_controller.rb
+++ b/app/controllers/mail_handler_controller.rb
@ -22,6 +22,9 @@ class MailHandlerController < ActionController::Base

  before_action :check_credential

+  # Requests from rdm-mailhandler.rb don't contain CSRF tokens
+  skip_before_action :verify_authenticity_token
+
  # Displays the email submission form
  def new
  end
--- a/test/functional/mail_handler_controller_test.rb
+++ b/test/functional/mail_handler_controller_test.rb
@ -170,4 +170,11 @@ class MailHandlerControllerTest < Redmine::ControllerTest
    end
    assert_response :success
  end
+
+  def test_should_skip_verify_authenticity_token
+    ActionController::Base.allow_forgery_protection = true
+    assert_nothing_raised {test_should_create_issue}
+  ensure
+    ActionController::Base.allow_forgery_protection = false
+  end
 end