From: Tom Hughes <tom@compton.nu>
Date: Tue, 13 Nov 2018 13:17:19 +0000 (+0000)
Subject: Skip CSRF verification for changeset comment actions
X-Git-Tag: live~2770
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/4deffa5e4024f53f7ca7191c52c01aaf85ab5f13

Skip CSRF verification for changeset comment actions

Fixes #2057
---

diff --git a/app/controllers/changeset_comments_controller.rb b/app/controllers/changeset_comments_controller.rb
index 6a563f9b2..8442a4f36 100644
--- a/app/controllers/changeset_comments_controller.rb
+++ b/app/controllers/changeset_comments_controller.rb
@@ -1,4 +1,5 @@
 class ChangesetCommentsController < ApplicationController
+  skip_before_action :verify_authenticity_token, :except => [:index]
   before_action :authorize_web, :only => [:index]
   before_action :set_locale, :only => [:index]
   before_action :authorize, :only => [:create, :destroy, :restore]