diff options
| author | zeripath <art27@cantab.net> | 2018-11-04 01:15:55 +0000 |
|---|---|---|
| committer | techknowlogick <hello@techknowlogick.com> | 2018-11-03 21:15:55 -0400 |
| commit | 7096085f2b07246315e95e394b180ce9729efbb0 (patch) | |
| tree | bd19725b9897567b5868d7edabe7a800da1899f4 /public | |
| parent | 57a8440db372d3b2a01d3ef12a4a560424a08657 (diff) | |
| download | gitea-7096085f2b07246315e95e394b180ce9729efbb0.tar.gz gitea-7096085f2b07246315e95e394b180ce9729efbb0.zip | |
Fix #5226 by adding CSRF checking to api reqToken and add CSRF to the POST header for deadline (#5250)
* Add CSRF checking to reqToken and place CSRF in the post for deadline creation
Fixes #5226, #5249
* /api/v1/admin/users routes should have reqToken middleware
Diffstat (limited to 'public')
| -rw-r--r-- | public/js/index.js | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/public/js/index.js b/public/js/index.js index 9aafa7d646..f5d3ef2d93 100644 --- a/public/js/index.js +++ b/public/js/index.js @@ -2595,6 +2595,10 @@ function updateDeadline(deadlineString) { data: JSON.stringify({ 'due_date': realDeadline, }), + headers: { + 'X-Csrf-Token': csrf, + 'X-Remote': true, + }, contentType: 'application/json', type: 'POST', success: function () { |