public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-24 07:21:28 +00:00
Code Issues Releases Wiki Activity

- enable CSRF support earlier

Browse Source 
- remove rpc/sanityCheck from CSRF-excluded calls
This commit is contained in:
Andrew Dolgov
2020-09-15 15:32:17 +03:00
parent 91e1542a82
commit 7e50c6c4b5
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
classes/rpc.php
View File

@@ -2,7 +2,7 @@
class RPC extends Handler_Protected { class RPC extends Handler_Protected {
function csrf_ignore($method) { function csrf_ignore($method) {
$csrf_ignored = array("sanitycheck", "completelabels", "saveprofile"); $csrf_ignored = array("completelabels", "saveprofile");
return array_search($method, $csrf_ignored) !== false; return array_search($method, $csrf_ignored) !== false;
} }

2
js/App.js
View File

@@ -588,6 +588,7 @@ const App = {
this.setLoadingProgress(30); this.setLoadingProgress(30);
this.initHotkeyActions(); this.initHotkeyActions();
this.enableCsrfSupport();
const a = document.createElement('audio'); const a = document.createElement('audio');
const hasAudio = !!a.canPlayType; const hasAudio = !!a.canPlayType;
@@ -628,7 +629,6 @@ const App = {
return errorMsg == ""; return errorMsg == "";
}, },
initSecondStage: function() { initSecondStage: function() {
this.enableCsrfSupport();
document.onkeydown = (event) => { return this.hotkeyHandler(event) }; document.onkeydown = (event) => { return this.hotkeyHandler(event) };
document.onkeypress = (event) => { return this.hotkeyHandler(event) }; document.onkeypress = (event) => { return this.hotkeyHandler(event) };