From 5c71b574aba4af3203358284a716061353c521bc Mon Sep 17 00:00:00 2001 From: Andrew Lewis Date: Fri, 15 Apr 2016 19:09:30 +0200 Subject: [PATCH] [Fix] Make web interface not send password in query strings (#585) --- interface/js/rspamd.js | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/interface/js/rspamd.js b/interface/js/rspamd.js index 3d6484cd8..2fcc6bfc3 100644 --- a/interface/js/rspamd.js +++ b/interface/js/rspamd.js @@ -78,8 +78,8 @@ dataType: 'json', type: 'GET', url: 'auth', - data: { - password: getPassword() + beforeSend: function (xhr) { + xhr.setRequestHeader('Password', getPassword()); }, success: function (data) { if (data.auth === 'failed') { @@ -94,8 +94,8 @@ dataType: 'json', type: 'GET', url: 'auth', - data: { - password: getPassword() + beforeSend: function (xhr) { + xhr.setRequestHeader('Password', getPassword()); }, success: function (data) { saveCredentials(data, password); @@ -180,8 +180,8 @@ $.ajax({ dataType: 'json', url: 'maps', - data: { - password: getPassword() + beforeSend: function (xhr) { + xhr.setRequestHeader('Password', getPassword()); }, error: function () { alertMessage('alert-modal alert-error', data.statusText); @@ -374,8 +374,8 @@ dataType: 'json', type: 'GET', url: 'pie', - data: { - password: getPassword() + beforeSend: function (xhr) { + xhr.setRequestHeader('Password', getPassword()); }, success: function (data) { if (pie) { @@ -484,8 +484,8 @@ $.ajax({ dataType: 'json', url: 'history', - data: { - password: getPassword() + beforeSend: function (xhr) { + xhr.setRequestHeader('Password', getPassword()); }, error: function () { alertMessage('alert-error', 'Cannot receive history'); @@ -549,8 +549,8 @@ dataType: 'json', type: 'GET', url: 'symbols', - data: { - password: getPassword() + beforeSend: function (xhr) { + xhr.setRequestHeader('Password', getPassword()); }, success: function (data) { $('#modalBody').empty(); @@ -608,8 +608,8 @@ dataType: 'json', type: 'GET', url: 'historyreset', - data: { - password: getPassword() + beforeSend: function (xhr) { + xhr.setRequestHeader('Password', getPassword()); }, success: function (data) { getHistory(); @@ -907,8 +907,8 @@ dataType: 'json', type: 'GET', url: 'actions', - data: { - password: getPassword() + beforeSend: function (xhr) { + xhr.setRequestHeader('Password', getPassword()); }, success: function (data) { // Order of sliders greylist -> probable spam -> spam @@ -1081,8 +1081,8 @@ dataType: 'json', type: 'GET', url: 'auth', - data: { - password: password + beforeSend: function (xhr) { + xhr.setRequestHeader('Password', password); }, success: function (data) { if (data.auth === 'failed') { -- 2.39.5