diff options
Diffstat (limited to 'Bugzilla/API/1_0/Server.pm')
-rw-r--r-- | Bugzilla/API/1_0/Server.pm | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/Bugzilla/API/1_0/Server.pm b/Bugzilla/API/1_0/Server.pm index 6136440cf..108c25e27 100644 --- a/Bugzilla/API/1_0/Server.pm +++ b/Bugzilla/API/1_0/Server.pm @@ -260,7 +260,8 @@ sub _params_check { } } - if ($self->request->method eq 'POST') { + if ($self->request->method eq 'POST' + || $self->request->method eq 'PUT') { # CSRF is possible via XMLHttpRequest when the Content-Type header # is not application/json (for example: text/plain or # application/x-www-form-urlencoded). |