Disable forgery protection for notes API methods

Fixes #1571

diff --git a/app/controllers/notes_controller.rb b/app/controllers/notes_controller.rb
index 1de58af906d5ea3e3f24a5799ea1fe2a599ce6a6..f4667bef5f47beaad0ff4da13a95f99e03beeb15 100644 (file)
--- a/app/controllers/notes_controller.rb
+++ b/app/controllers/notes_controller.rb
@@ -1,6 +1,7 @@
 class NotesController < ApplicationController
   layout "site", :only => [:mine]
 
+  skip_before_action :verify_authenticity_token, :except => [:mine]
   before_action :check_api_readable
   before_action :authorize_web, :only => [:mine]
   before_action :setup_user_auth, :only => [:create, :comment]