REST API POST and PUT broken
|Assignee:||Jean-Philippe Lang||% Done:|
I could re-verify the behavior documented in #15424 for PUT requests. An update shows the same error message, as a POST request.
This effectively makes the REST API
The POST requests have been re-tested in 2.3.3, and there they do work!
#1 Updated by Marco Descher about 5 years ago
Adding the line
to the respective controller (e.g. for Users the file app/controllers/users_controller.rb) removes the problem. Wouldn't the correct solution be to verify the authenticity_token only in case of webbrowser based access?
#2 Updated by Marco Descher about 5 years ago
I could track down the changeset that seems to make the problem https://bitbucket.org/redmine/redmine-trunk/commits/b823653c220c8a7f32e321b39d0bdc5f85b4689f
#5 Updated by Jean-Philippe Lang about 5 years ago
- Status changed from Confirmed to Resolved
- Assignee set to Jean-Philippe Lang
- Resolution set to Fixed
Fixed in r12311, a test with token verification turned on (off by default in tests) is now present. The fix will be included in 2.4.1 that will be released tomorrow. Thanks for pointing this out.