Remove requesttoken for avatars

First step for https://github.com/owncloud/core/issues/11915
author: Lukas Reschke <lukas@owncloud.com> 2015-08-23 16:47:06 +0200
committer: Lukas Reschke <lukas@owncloud.com> 2015-08-23 16:49:12 +0200
commit: 84d1e36ff9767714e59a6d59ccce3cbbfd5aeb85 (patch)
tree: caf13f5c07296300ea45a4b03ac5299cfed39dd2 /core
parent: 510010e774c4019b7fc616c90085649abb7afac3 (diff)
download: nextcloud-server-84d1e36ff9767714e59a6d59ccce3cbbfd5aeb85.tar.gz
nextcloud-server-84d1e36ff9767714e59a6d59ccce3cbbfd5aeb85.zip
2 files changed, 3 insertions, 2 deletions
diff --git a/core/avatar/avatarcontroller.php b/core/avatar/avatarcontroller.php
index a0c9ebbd785..945e022600a 100644
--- a/core/avatar/avatarcontroller.php
+++ b/core/avatar/avatarcontroller.php
@@ -91,6 +91,7 @@ class AvatarController extends Controller {
 
 	/**
 	 * @NoAdminRequired
+	 * @NoCSRFRequired
 	 *
 	 * @param string $userId
 	 * @param int $size
diff --git a/core/js/jquery.avatar.js b/core/js/jquery.avatar.js
index 74acaac7927..b0d1ca7d88f 100644
--- a/core/js/jquery.avatar.js
+++ b/core/js/jquery.avatar.js
@@ -76,8 +76,8 @@
 		var $div = this;
 
 		var url = OC.generateUrl(
-			'/avatar/{user}/{size}?requesttoken={requesttoken}',
-			{user: user, size: size * window.devicePixelRatio, requesttoken: oc_requesttoken});
+			'/avatar/{user}/{size}',
+			{user: user, size: size * window.devicePixelRatio});
 
 		$.get(url, function(result) {
 			if (typeof(result) === 'object') {
author	Lukas Reschke <lukas@owncloud.com>	2015-08-23 16:47:06 +0200
committer	Lukas Reschke <lukas@owncloud.com>	2015-08-23 16:49:12 +0200
commit	84d1e36ff9767714e59a6d59ccce3cbbfd5aeb85 (patch)
tree	caf13f5c07296300ea45a4b03ac5299cfed39dd2 /core
parent	510010e774c4019b7fc616c90085649abb7afac3 (diff)
download	nextcloud-server-84d1e36ff9767714e59a6d59ccce3cbbfd5aeb85.tar.gz nextcloud-server-84d1e36ff9767714e59a6d59ccce3cbbfd5aeb85.zip