app/controllers/mailkick/subscriptions_controller.rb in mailkick-1.2.2 vs app/controllers/mailkick/subscriptions_controller.rb in mailkick-1.3.0
- old
+ new
@@ -1,8 +1,9 @@
module Mailkick
class SubscriptionsController < ActionController::Base
protect_from_forgery with: :exception
+ skip_forgery_protection only: [:unsubscribe]
before_action :set_subscription
def show
end
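Review bot: `skip_forgery_protection only: [:unsubscribe]` drops the CSRF check for every request to `unsubscribe`, not only the RFC 8058 one-click POST. In the second hunk `subscription.delete_all` runs before the `List-Unsubscribe` test, so that parameter only selects the response and does not gate the state change. That is acceptable only if the action is authorised solely by an unguessable signed value in `params[:id]`, which `set_subscription` presumably enforces but which is not visible here. I would record the assumption above the skip, e.g. `# RFC 8058 one-click POSTs carry no cookies or CSRF token; the signed id in the URL is the only credential`, and confirm it against `set_subscription`. The class body continues outside this hunk.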
@@ -10,10 +11,16 @@
def unsubscribe
subscription.delete_all
Mailkick::Legacy.opt_out(legacy_options) if Mailkick::Legacy.opt_outs?
- redirect_to subscription_path(params[:id])
+ if request.post? && params["List-Unsubscribe"] == "One-Click"
+ # must not redirect according to RFC 8058
+ # could render show action instead
+ render plain: "Unsubscribe successful"
+ else
+ redirect_to subscription_path(params[:id])
+ end
end
def subscribe
subscription.first_or_create!