From 0ef9bc039d22f7696186d0f236c1c0f93d6b9bd2 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang
Date: Sun, 17 Jan 2010 20:23:06 +0000
Subject: [PATCH] Adds a log message when an API call raises an InvalidAuthenticityToken error.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3332 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/application_controller.rb | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 9f3169a4b..16652c8f7 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -227,6 +227,9 @@ class ApplicationController < ActionController::Base
 end
 def invalid_authenticity_token
+ if api_request?
+ logger.error "Form authenticity token is missing or is invalid. API calls must include a proper Content-type header (text/xml or text/json)."
+ end
 render_error "Invalid form authenticity token."
 end
@@ -308,4 +311,8 @@ class ApplicationController < ActionController::Base
 def filename_for_content_disposition(name)
 request.env['HTTP_USER_AGENT'] =~ %r{MSIE} ? ERB::Util.url_encode(name) : name
 end
+
+ def api_request?
+ %w(xml json).include? params[:format]
+ end
 end
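Review bot: In `invalid_authenticity_token` the failed CSRF check is logged only when `api_request?` is true, so a rejected browser form post leaves no trace from this handler (unless it is logged elsewhere, which the hunk does not show). Rejected tokens are a useful detection signal, so I would log every failure with some request context and keep the API hint as an extra line, e.g. `logger.warn "Invalid form authenticity token from #{request.remote_ip}"` before the `if api_request?` branch. The new message is also written at error level although it describes a client mistake; `logger.warn` would keep it out of server-fault alerting.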
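Review bot: `api_request?` decides purely on `params[:format]`, which the caller chooses, and the method carries no comment saying so. That is fine for selecting a log message, but the name invites reuse in places where it would gate authentication or CSRF handling; I would add a comment above it such as `# True when the client-supplied :format is xml or json; informational only, not for access decisions.` The hunk does not show whether this part of the class sits under a `private`/`protected` marker; if it does not, the helper is a public controller method and should be moved below one.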