From 9aa1599a18ccd9add36274391384ab623f369ed2 Mon Sep 17 00:00:00 2001
From: Eric Lippmann <eric.lippmann@netways.de>
Date: Thu, 30 Jul 2015 12:04:22 +0200
Subject: [PATCH] Form: Disable CSRF counter measure only on API requests

refs #9660
---
 library/Icinga/Web/Form.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/library/Icinga/Web/Form.php b/library/Icinga/Web/Form.php
index 1c106e017..1b1584ccf 100644
--- a/library/Icinga/Web/Form.php
+++ b/library/Icinga/Web/Form.php
@@ -951,8 +951,7 @@ class Form extends Zend_Form
         if (! $this->tokenDisabled) {
             $request = $this->getRequest();
             if (! $request->isXmlHttpRequest()
-                && ($user = $request->getUser()) !== null
-                && $user->getIsHttpUser()
+                && $request->getIsApiRequest()
             ) {
                 return $this;
             }