Fix ajax not passed CSRF token

7 years ago · c12f7a9a99
4 changed files with 6 additions and 4 deletions
--- a/views/article_edit.ejs
+++ b/views/article_edit.ejs
@ -39,7 +39,7 @@
 <script type="text/javascript">
 $(function () {
    function render(output, input) {
-      $.post('/api/markdown', { s: input.val() }, function (s) {
+      $.post('/api/markdown', { s: input.val(), _csrf: document.head.getAttribute('data-csrf-token') }, function (s) {
        // console.log(s);
        output.html(s);
      });
--- a/views/login.ejs
+++ b/views/login.ejs
@ -58,7 +58,8 @@ function login() {
        type: 'POST',
        data: {
            "username": $("#username").val(),
-            "password": password
+            "password": password,
+            "_csrf": document.head.getAttribute('data-csrf-token')
        },
        async: true,
        success: function(data) {
--- a/views/problem_edit.ejs
+++ b/views/problem_edit.ejs
@ -71,7 +71,7 @@
 <script type="text/javascript">
 $(function () {
    function render(output, input) {
-      $.post('/api/markdown', { s: input.val() }, function (s) {
+      $.post('/api/markdown', { s: input.val(), _csrf: document.head.getAttribute('data-csrf-token') }, function (s) {
        // console.log(s);
        output.html(s);
      });
--- a/views/sign_up.ejs
+++ b/views/sign_up.ejs
@ -62,7 +62,8 @@ function submit() {
          username: $("#username").val(),
          password: password,
          email: $("#email").val(),
-          prevUrl: <%- JSON.stringify(req.query.url || '/') %>
+          prevUrl: <%- JSON.stringify(req.query.url || '/') %>,
+          _csrf: document.head.getAttribute('data-csrf-token')
        },
        success: function(data) {
            error_code = data.error_code;