1 files changed, 4 insertions, 2 deletions

diff --git a/app/FreshRSS.php b/app/FreshRSS.php
index 8a9a85213..17ff9ab21 100644
--- a/app/FreshRSS.php
+++ b/app/FreshRSS.php
@@ -68,8 +68,10 @@ class FreshRSS extends Minz_FrontController {
 			if (!(FreshRSS_Auth::isCsrfOk() ||
 				(Minz_Request::controllerName() === 'auth' && Minz_Request::actionName() === 'login') ||
 				(Minz_Request::controllerName() === 'user' && Minz_Request::actionName() === 'create' && !FreshRSS_Auth::hasAccess('admin')) ||
-				(Minz_Request::controllerName() === 'feed' && Minz_Request::actionName() === 'actualize' && FreshRSS_Context::$system_conf->allow_anonymous_refresh) ||
-				(Minz_Request::controllerName() === 'javascript' && Minz_Request::actionName() === 'actualize' && FreshRSS_Context::$system_conf->allow_anonymous)
+				(Minz_Request::controllerName() === 'feed' && Minz_Request::actionName() === 'actualize'
+					&& FreshRSS_Context::$system_conf->allow_anonymous_refresh) ||
+				(Minz_Request::controllerName() === 'javascript' && Minz_Request::actionName() === 'actualize'
+					&& FreshRSS_Context::$system_conf->allow_anonymous)
 				)) {
 				// Token-based protection against XSRF attacks, except for the login or self-create user forms
 				self::initI18n();