Merge pull request #1640 from Alkarex/fix_global_view_csrf

Fix global view CSRF
7 years ago · 0578abf310
parent bc109cff50 ca7d1fddde
commit 0578abf310
4 changed files with 10 additions and 6 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -18,6 +18,7 @@
 	* Fix API compatibility bug between PostgreSQL and EasyRSS [#1603](https://github.com/FreshRSS/FreshRSS/pull/1603)
 	* Fix PostgreSQL error when adding entries with duplicated GUID [#1610](https://github.com/FreshRSS/FreshRSS/issues/1610)
 	* Fix for RSS feeds containing HTML in author field [#1590](https://github.com/FreshRSS/FreshRSS/issues/1590)
+	* Fix logout issue in global view due to CSRF [#1591](https://github.com/FreshRSS/FreshRSS/issues/1591)
 * Misc.
 	* Travis continuous integration [#1619](https://github.com/FreshRSS/FreshRSS/pull/1619)
 	* Allow longer database usernames [#1597](https://github.com/FreshRSS/FreshRSS/issues/1597)
--- a/p/scripts/category.js
+++ b/p/scripts/category.js
@ -92,7 +92,7 @@ function init_draggable() {
 		$.ajax({
 			type: 'POST',
 			url: './?c=feed&a=move',
-			data : {
+			data: {
 				f_id: dragFeedId,
 				c_id: e.target.parentNode.getAttribute('data-cat-id'),
 				_csrf: context.csrf,
--- a/p/scripts/global_view.js
+++ b/p/scripts/global_view.js
@ -33,6 +33,9 @@ function load_panel(link) {
 			$.ajax({
 				type: "POST",
 				url: $(this).attr("formaction"),
+				data: {
+					_csrf: context.csrf,
+				},
 				async: false
 			});
 			window.location.reload(false);
--- a/p/scripts/main.js
+++ b/p/scripts/main.js
@ -133,7 +133,7 @@ function mark_read(active, only_not_read) {
 	$.ajax({
 		type: 'POST',
 		url: url,
-		data : {
+		data: {
 			ajax: true,
 			_csrf: context.csrf,
 		},
@ -182,7 +182,7 @@ function mark_favorite(active) {
 	$.ajax({
 		type: 'POST',
 		url: url,
-		data : {
+		data: {
 			ajax: true,
 			_csrf: context.csrf,
 		},
@ -823,7 +823,7 @@ function updateFeed(feeds, feeds_count) {
 	$.ajax({
 		type: 'POST',
 		url: feed.url,
-		data : {
+		data: {
 			_csrf: context.csrf,
 			noCommit: feeds.length > 0 ? 1 : 0,
 		},
@ -860,7 +860,7 @@ function init_actualize() {
 				$.ajax({	//Empty request to force refresh server database cache
 					type: 'POST',
 					url: './?c=feed&a=actualize&id=-1',
-					data : {
+					data: {
 						_csrf: context.csrf,
 						noCommit: 0,
 					},
@ -1299,7 +1299,7 @@ function init_slider_observers() {
 		$.ajax({
 			type: 'GET',
 			url: url_slide,
-			data : { ajax: true }
+			data: { ajax: true }
 		}).done(function (data) {
 			slider.html(data);
 			closer.addClass('active');