Form: Disable CSRF counter measure only on API requests

refs #9660
2015-07-30 12:04:22 +02:00 · 2015-07-30 12:04:22 +02:00 · 9aa1599a18
parent c23c7a5fa9
commit 9aa1599a18
1 changed files with 1 additions and 2 deletions
--- a/library/Icinga/Web/Form.php
+++ b/library/Icinga/Web/Form.php
@ -951,8 +951,7 @@ class Form extends Zend_Form
        if (! $this->tokenDisabled) {
            $request = $this->getRequest();
            if (! $request->isXmlHttpRequest()
-                && ($user = $request->getUser()) !== null
-                && $user->getIsHttpUser()
+                && $request->getIsApiRequest()
            ) {
                return $this;
            }