From 4deffa5e4024f53f7ca7191c52c01aaf85ab5f13 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Tue, 13 Nov 2018 13:17:19 +0000
Subject: [PATCH] Skip CSRF verification for changeset comment actions

Fixes #2057
---
 app/controllers/changeset_comments_controller.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/controllers/changeset_comments_controller.rb b/app/controllers/changeset_comments_controller.rb
index 6a563f9b2..8442a4f36 100644
--- a/app/controllers/changeset_comments_controller.rb
+++ b/app/controllers/changeset_comments_controller.rb
@@ -1,4 +1,5 @@
 class ChangesetCommentsController < ApplicationController
+  skip_before_action :verify_authenticity_token, :except => [:index]
   before_action :authorize_web, :only => [:index]
   before_action :set_locale, :only => [:index]
   before_action :authorize, :only => [:create, :destroy, :restore]
-- 
2.43.2