From 4d5f0bb30b5ac76407c9864b83b69b8a83ac3dd6 Mon Sep 17 00:00:00 2001
From: George Claghorn <george@basecamp.com>
Date: Tue, 21 Nov 2017 14:59:30 -0500
Subject: Fix loading ActiveStorage::DiskController when CSRF protection is
 disabled by default

---
 activestorage/app/controllers/active_storage/disk_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'activestorage')

diff --git a/activestorage/app/controllers/active_storage/disk_controller.rb b/activestorage/app/controllers/active_storage/disk_controller.rb
index 8caecfff49..a7e10c0696 100644
--- a/activestorage/app/controllers/active_storage/disk_controller.rb
+++ b/activestorage/app/controllers/active_storage/disk_controller.rb
@@ -5,7 +5,7 @@
 # Always go through the BlobsController, or your own authenticated controller, rather than directly
 # to the service url.
 class ActiveStorage::DiskController < ActionController::Base
-  skip_forgery_protection
+  skip_forgery_protection if default_protect_from_forgery
 
   def show
     if key = decode_verified_key
-- 
cgit v1.2.3