https://www.redmine.org/https://www.redmine.org/favicon.ico?16793021292013-11-21T12:59:37ZRedmineRedmine - Defect #15427: REST API POST and PUT brokenhttps://www.redmine.org/issues/15427?journal_id=532962013-11-21T12:59:37ZMarco Descher
<ul></ul><p>Adding the line</p>
<p><code>skip_before_filter :verify_authenticity_token</code></p>
<p>to the respective controller (e.g. for Users the file app/controllers/users_controller.rb) removes the problem. Wouldn't the correct solution be to verify the authenticity_token only in case of webbrowser based access?</p> Redmine - Defect #15427: REST API POST and PUT brokenhttps://www.redmine.org/issues/15427?journal_id=532972013-11-21T13:38:23ZMarco Descher
<ul></ul><p>I could track down the changeset that seems to make the problem <a class="external" href="https://bitbucket.org/redmine/redmine-trunk/commits/b823653c220c8a7f32e321b39d0bdc5f85b4689f">https://bitbucket.org/redmine/redmine-trunk/commits/b823653c220c8a7f32e321b39d0bdc5f85b4689f</a></p> Redmine - Defect #15427: REST API POST and PUT brokenhttps://www.redmine.org/issues/15427?journal_id=532982013-11-21T13:58:36ZMarco Descher
<ul></ul><p>Removing lines 39-42 of above mentioned patch, makes POST and PUT usable again.</p> Redmine - Defect #15427: REST API POST and PUT brokenhttps://www.redmine.org/issues/15427?journal_id=533262013-11-22T22:28:37ZJean-Philippe Langjp_lang@yahoo.fr
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Confirmed</i></li><li><strong>Target version</strong> set to <i>2.4.1</i></li></ul> Redmine - Defect #15427: REST API POST and PUT brokenhttps://www.redmine.org/issues/15427?journal_id=533272013-11-22T22:59:34ZJean-Philippe Langjp_lang@yahoo.fr
<ul><li><strong>Status</strong> changed from <i>Confirmed</i> to <i>Resolved</i></li><li><strong>Assignee</strong> set to <i>Jean-Philippe Lang</i></li><li><strong>Resolution</strong> set to <i>Fixed</i></li></ul><p>Fixed in <a class="changeset" title="Fixed that non-GET API requests respond with 422 (#15427)." href="https://www.redmine.org/projects/redmine/repository/svn/revisions/12311">r12311</a>, a test with token verification turned <em>on</em> (<em>off</em> by default in tests) is now present. The fix will be included in 2.4.1 that will be released tomorrow. Thanks for pointing this out.</p> Redmine - Defect #15427: REST API POST and PUT brokenhttps://www.redmine.org/issues/15427?journal_id=533302013-11-22T23:00:22ZJean-Philippe Langjp_lang@yahoo.fr
<ul><li><strong>Has duplicate</strong> <i><a class="issue tracker-1 status-5 priority-5 priority-high2 closed" href="/issues/15453">Defect #15453</a>: Redmine-Java-API - POST/Put stopped working from android application</i> added</li></ul> Redmine - Defect #15427: REST API POST and PUT brokenhttps://www.redmine.org/issues/15427?journal_id=533332013-11-22T23:29:30ZJean-Philippe Langjp_lang@yahoo.fr
<ul><li><strong>Has duplicate</strong> <i><a class="issue tracker-1 status-5 priority-5 priority-high2 closed" href="/issues/15424">Defect #15424</a>: Filter chain halted as :verify_authenticity_token rendered or redirected</i> added</li></ul> Redmine - Defect #15427: REST API POST and PUT brokenhttps://www.redmine.org/issues/15427?journal_id=533392013-11-23T08:24:29ZJean-Philippe Langjp_lang@yahoo.fr
<ul><li><strong>Status</strong> changed from <i>Resolved</i> to <i>Closed</i></li></ul><p>Merged.</p> Redmine - Defect #15427: REST API POST and PUT brokenhttps://www.redmine.org/issues/15427?journal_id=535042013-12-01T04:15:03ZToshi MARUYAMA
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/53504/diff?detail_id=39360">diff</a>)</li></ul> Redmine - Defect #15427: REST API POST and PUT brokenhttps://www.redmine.org/issues/15427?journal_id=849822018-05-13T04:55:19ZGo MAEDA
<ul><li><strong>Related to</strong> <i><a class="issue tracker-1 status-5 priority-4 priority-default closed" href="/issues/11797">Defect #11797</a>: Using the API logs out my browser session</i> added</li></ul>