diff --git a/app/controllers/dmsf_controller.rb b/app/controllers/dmsf_controller.rb
index 2450d8c0..cc6dc8bd 100644
--- a/app/controllers/dmsf_controller.rb
+++ b/app/controllers/dmsf_controller.rb
@@ -32,8 +32,6 @@ class DmsfController < ApplicationController
 accept_api_auth :show, :create, :save, :delete
- skip_before_action :verify_authenticity_token, if: -> { request.headers['HTTP_X_REDMINE_API_KEY'].present? }
-
 helper :all
 helper :dmsf_folder_permissions
@@ -258,13 +256,13 @@ class DmsfController < ApplicationController
 flash[:error] = @folder.errors.full_messages.to_sentence
 end
 respond_to do |format|
- format.html {
+ format.html do
 if commit || @tree_view
 redirect_to :back
 else
 redirect_to dmsf_folder_path(:id => @project, :folder_id => @folder.dmsf_folder)
 end
- }
+ end
 format.api { result ? render_api_ok : render_validation_errors(@folder) }
 end
 end
@@ -661,21 +659,13 @@ class DmsfController < ApplicationController
 end
 @url_links = []
 else
- if @folder
- @subfolders = @folder.dmsf_folders.visible
- @files = @folder.dmsf_files.visible
- @dir_links = @folder.folder_links.visible
- @file_links = @folder.file_links.visible
- @url_links = @folder.url_links.visible
- @locked_for_user = @folder.locked_for_user?
- else
- @subfolders = @project.dmsf_folders.visible
- @files = @project.dmsf_files.visible
- @dir_links = @project.folder_links.visible
- @file_links = @project.file_links.visible
- @url_links = @project.url_links.visible
- @locked_for_user = false
- end
+ scope = @folder ? @folder : @project
+ @locked_for_user = @folder && @folder.locked_for_user?
+ @subfolders = scope.dmsf_folders.visible
+ @files = scope.dmsf_files.visible
+ @dir_links = scope.folder_links.visible
+ @file_links = scope.file_links.visible
+ @url_links = scope.url_links.visible
 # Limit and offset for REST API calls
 if params[:limit].present?
 @subfolders = @subfolders.limit(params[:limit])
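Review bot: Inside the `format.html do` block of the second hunk, `redirect_to :back` still depends on the client-supplied Referer header. On Rails versions that support this form it raises `ActionController::RedirectBackError` when the header is absent, so a request that arrives without a Referer would presumably end in an error page rather than a redirect. If the Rails version in use provides it, `redirect_back fallback_location: dmsf_folder_path(:id => @project, :folder_id => @folder.dmsf_folder)` gives a defined fallback. The same pattern sits in the `format.html do` hunk of app/controllers/dmsf_files_controller.rb, and in both files the enclosing action starts and ends outside the hunk.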
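Review bot: In the third hunk, `@locked_for_user = @folder && @folder.locked_for_user?` evaluates to `nil` when `@folder` is nil, whereas the removed branch assigned `false` explicitly. Both are falsy in a plain `if`, but a view or API template that serialises the value or compares it with `false` would now behave differently. `@locked_for_user = @folder ? @folder.locked_for_user? : false` keeps the previous value, and `scope = @folder || @project` is the shorter idiom for the ternary on the line above. The enclosing method starts and ends outside the hunk.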
diff --git a/app/controllers/dmsf_files_controller.rb b/app/controllers/dmsf_files_controller.rb
index f48050bf..b025bf84 100644
--- a/app/controllers/dmsf_files_controller.rb
+++ b/app/controllers/dmsf_files_controller.rb
@@ -218,13 +218,13 @@ class DmsfFilesController < ApplicationController
 end
 end
 respond_to do |format|
- format.html {
+ format.html do
 if commit || (@tree_view && params[:details].blank?)
 redirect_to :back
 else
 redirect_to dmsf_folder_path(:id => @project, :folder_id => @file.dmsf_folder)
 end
- }
+ end
 format.api { result ? render_api_ok : render_validation_errors(@file) }
 end
 end
diff --git a/app/controllers/dmsf_links_controller.rb b/app/controllers/dmsf_links_controller.rb
index 61452c58..0df7edfd 100644
--- a/app/controllers/dmsf_links_controller.rb
+++ b/app/controllers/dmsf_links_controller.rb
@@ -31,8 +31,6 @@ class DmsfLinksController < ApplicationController
 accept_api_auth :create
- skip_before_action :verify_authenticity_token, if: -> { request.headers['HTTP_X_REDMINE_API_KEY'].present? }
-
 def permissions
 if @dmsf_link
 render_403 unless DmsfFolder.permissions?(@dmsf_link.dmsf_folder)