From 4fb4385ba5f3f14c3bde18ccc7c3e262811541eb Mon Sep 17 00:00:00 2001
From: Rien Maertens <rien.maertens@posteo.be>
Date: Thu, 18 Apr 2019 00:50:41 +0200
Subject: [PATCH] Also skip CSRF check for clients (Tap)

---
 app/controllers/application_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 7e9a6e9..fde4284 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -5,7 +5,7 @@ class ApplicationController < ActionController::Base
   skip_before_action :verify_authenticity_token, if: :api_request?
 
   def api_request?
-    user_token && request.format.json?
+    (user_token.present? || current_client.present?) && request.format.json?
   end
 
   rescue_from CanCan::AccessDenied do |exception|