Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-31 19:15:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: csrf token only on non-GET routes

Browse Source
This commit is contained in:
Julian Lam
2020-10-14 14:02:03 -04:00
parent 3326d80c11
commit 20bb9c7ec8
1 changed files with 10 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
public/src/modules/api.js
View File

@@ -10,11 +10,7 @@ define('api', () => {
baseUrl + options.url;
function doAjax(cb) {
$.ajax(Object.assign({
headers: {
'x-csrf-token': config.csrf_token,
},
}, options))
$.ajax(options)
.done((res) => {
cb(null,
res.hasOwnProperty('status') && res.hasOwnProperty('response') ?
@@ -57,18 +53,27 @@ define('api', () => {
url: route,
method: 'post',
data: payload,
headers: {
'x-csrf-token': config.csrf_token,
},
}, onSuccess);
api.put = (route, payload, onSuccess) => call({
url: route,
method: 'put',
data: payload,
headers: {
'x-csrf-token': config.csrf_token,
},
}, onSuccess);
api.del = (route, payload, onSuccess) => call({
url: route,
method: 'delete',
data: payload,
headers: {
'x-csrf-token': config.csrf_token,
},
}, onSuccess);
return api;