From c37bc7e9d8167dc56bde1643e52a421960b348df Mon Sep 17 00:00:00 2001
From: lewis <747342561@qq.com>
Date: Thu, 8 Jul 2021 14:50:45 +0800
Subject: [PATCH] disable csrf validate when post in basic auth

---
 routers/routes/routes.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/routers/routes/routes.go b/routers/routes/routes.go
index 16dcbacda..82dc2de9f 100755
--- a/routers/routes/routes.go
+++ b/routers/routes/routes.go
@@ -267,7 +267,7 @@ func RegisterRoutes(m *macaron.Macaron) {
 	ignSignIn := context.Toggle(&context.ToggleOptions{SignInRequired: setting.Service.RequireSignInView})
 	ignSignInAndCsrf := context.Toggle(&context.ToggleOptions{DisableCSRF: true})
 	reqSignOut := context.Toggle(&context.ToggleOptions{SignOutRequired: true})
-	reqBasicAuth := context.Toggle(&context.ToggleOptions{BasicAuthRequired: true})
+	reqBasicAuth := context.Toggle(&context.ToggleOptions{BasicAuthRequired: true, DisableCSRF: true})
 
 	bindIgnErr := binding.BindIgnErr
 	validation.AddBindingRules()
@@ -1129,7 +1129,7 @@ func RegisterRoutes(m *macaron.Macaron) {
 
 	//secure api,
 	m.Group("/secure", func() {
-		m.Post("/user", bindIgnErr(structs.CreateUserOption{}), apiAdmin.CreateUser)
+		m.Post("/user", binding.Bind(structs.CreateUserOption{}), apiAdmin.CreateUser)
 	}, reqBasicAuth)
 
 	m.Group("/api/internal", func() {