diff options
| author | Vincent Petry <pvince81@owncloud.com> | 2015-08-24 11:02:05 +0200 |
|---|---|---|
| committer | Vincent Petry <pvince81@owncloud.com> | 2015-08-24 11:02:05 +0200 |
| commit | c154d1aeb15c37f06518cdb67a4c628615442f7f (patch) | |
| tree | f2d3608c61e26767627c11c8ef3f78a077ed9318 /core | |
| parent | 31d62c10bfa014ec295654da0dd77963a6d670dc (diff) | |
| parent | 84d1e36ff9767714e59a6d59ccce3cbbfd5aeb85 (diff) | |
| download | nextcloud-server-c154d1aeb15c37f06518cdb67a4c628615442f7f.tar.gz nextcloud-server-c154d1aeb15c37f06518cdb67a4c628615442f7f.zip | |
Merge pull request #18498 from owncloud/remove-csrf-check-for-avatar
Remove requesttoken for avatars
Diffstat (limited to 'core')
| -rw-r--r-- | core/avatar/avatarcontroller.php | 1 | ||||
| -rw-r--r-- | core/js/jquery.avatar.js | 4 |
2 files changed, 3 insertions, 2 deletions
diff --git a/core/avatar/avatarcontroller.php b/core/avatar/avatarcontroller.php index a0c9ebbd785..945e022600a 100644 --- a/core/avatar/avatarcontroller.php +++ b/core/avatar/avatarcontroller.php @@ -91,6 +91,7 @@ class AvatarController extends Controller { /** * @NoAdminRequired + * @NoCSRFRequired * * @param string $userId * @param int $size diff --git a/core/js/jquery.avatar.js b/core/js/jquery.avatar.js index 74acaac7927..b0d1ca7d88f 100644 --- a/core/js/jquery.avatar.js +++ b/core/js/jquery.avatar.js @@ -76,8 +76,8 @@ var $div = this; var url = OC.generateUrl( - '/avatar/{user}/{size}?requesttoken={requesttoken}', - {user: user, size: size * window.devicePixelRatio, requesttoken: oc_requesttoken}); + '/avatar/{user}/{size}', + {user: user, size: size * window.devicePixelRatio}); $.get(url, function(result) { if (typeof(result) === 'object') { |