disable csrf validate when post in basic auth

routers/routes/routes.go

@@ -267,7 +267,7 @@ func RegisterRoutes(m *macaron.Macaron) {
 	ignSignIn := context.Toggle(&context.ToggleOptions{SignInRequired: setting.Service.RequireSignInView})
 	ignSignInAndCsrf := context.Toggle(&context.ToggleOptions{DisableCSRF: true})
 	reqSignOut := context.Toggle(&context.ToggleOptions{SignOutRequired: true})
-	reqBasicAuth := context.Toggle(&context.ToggleOptions{BasicAuthRequired: true})
+	reqBasicAuth := context.Toggle(&context.ToggleOptions{BasicAuthRequired: true, DisableCSRF: true})
 
 	bindIgnErr := binding.BindIgnErr
 	validation.AddBindingRules()
@@ -1129,7 +1129,7 @@ func RegisterRoutes(m *macaron.Macaron) {
 
 	//secure api,
 	m.Group("/secure", func() {
-		m.Post("/user", bindIgnErr(structs.CreateUserOption{}), apiAdmin.CreateUser)
+		m.Post("/user", binding.Bind(structs.CreateUserOption{}), apiAdmin.CreateUser)
 	}, reqBasicAuth)
 
 	m.Group("/api/internal", func() {