Browse Source

Fix ajax not passed CSRF token

pull/6/head
Menci 7 years ago
parent
commit
c12f7a9a99
  1. 2
      views/article_edit.ejs
  2. 3
      views/login.ejs
  3. 2
      views/problem_edit.ejs
  4. 3
      views/sign_up.ejs

2
views/article_edit.ejs

@ -39,7 +39,7 @@
<script type="text/javascript"> <script type="text/javascript">
$(function () { $(function () {
function render(output, input) { function render(output, input) {
$.post('/api/markdown', { s: input.val() }, function (s) { $.post('/api/markdown', { s: input.val(), _csrf: document.head.getAttribute('data-csrf-token') }, function (s) {
// console.log(s); // console.log(s);
output.html(s); output.html(s);
}); });

3
views/login.ejs

@ -58,7 +58,8 @@ function login() {
type: 'POST', type: 'POST',
data: { data: {
"username": $("#username").val(), "username": $("#username").val(),
"password": password "password": password,
"_csrf": document.head.getAttribute('data-csrf-token')
}, },
async: true, async: true,
success: function(data) { success: function(data) {

2
views/problem_edit.ejs

@ -71,7 +71,7 @@
<script type="text/javascript"> <script type="text/javascript">
$(function () { $(function () {
function render(output, input) { function render(output, input) {
$.post('/api/markdown', { s: input.val() }, function (s) { $.post('/api/markdown', { s: input.val(), _csrf: document.head.getAttribute('data-csrf-token') }, function (s) {
// console.log(s); // console.log(s);
output.html(s); output.html(s);
}); });

3
views/sign_up.ejs

@ -62,7 +62,8 @@ function submit() {
username: $("#username").val(), username: $("#username").val(),
password: password, password: password,
email: $("#email").val(), email: $("#email").val(),
prevUrl: <%- JSON.stringify(req.query.url || '/') %> prevUrl: <%- JSON.stringify(req.query.url || '/') %>,
_csrf: document.head.getAttribute('data-csrf-token')
}, },
success: function(data) { success: function(data) {
error_code = data.error_code; error_code = data.error_code;

Loading…
Cancel
Save