authorAndrew Dolgov <[email protected]>2021-03-14 14:17:18 +0300
committerAndrew Dolgov <[email protected]>2021-03-14 14:17:18 +0300
commit1c9afba5f058adace5e005b51fc533882f9af0fa (patch)
tree99f4a228acf9f969d5411048c210338ba0fd126a /index.php
parent2b8b845abe7c13ecbb266613910484310cffe8e1 (diff)
* add CSRF protection to xhr requests
* force ORM to use SQLITE WAL * add .editorconfig * clean up a few things
Diffstat (limited to 'index.php')
-rw-r--r--index.php13
1 files changed, 8 insertions, 5 deletions
diff --git a/index.php b/index.php
index b2d5fef..d5b3b76 100644
--- a/index.php
+++ b/index.php
@@ -13,7 +13,7 @@
Config::sanity_check();
if (!validate_session()) {
- header("Location: logout.php");
+ header("Location: login.php");
exit;
}
@@ -24,6 +24,9 @@
exit;
}
+ setcookie("epube_csrf_token", $_SESSION["csrf_token"], time() + Config::get(Config::SESSION_LIFETIME),
+ "/", "", Config::is_server_https());
+
// TODO: this should be unified with the service worker cache list
$check_files_mtime = [
'manifest.json',
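Review bot: The added setcookie() call for epube_csrf_token sets path and the secure flag but no SameSite attribute, so the browser applies its own default, which differs between engines; since the whole point of this commit is CSRF defence, the cookie should carry an explicit value. The options-array form (PHP 7.3+) allows that without changing anything else: `setcookie("epube_csrf_token", $_SESSION["csrf_token"], ["expires" => time() + Config::get(Config::SESSION_LIFETIME), "path" => "/", "secure" => Config::is_server_https(), "samesite" => "Strict"]);`. HttpOnly is presumably omitted on purpose so the XHR code can read the token and echo it back in a header; if the token is instead injected into the page, HttpOnly should be added as well. Whether $_SESSION["csrf_token"] is guaranteed to exist once validate_session() has passed is not visible in this hunk — if it is not, the read should be guarded with `?? throw` or a regeneration step rather than silently sending an empty cookie.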
@@ -72,10 +75,10 @@
<link rel="manifest" href="manifest.json">
<meta name="mobile-web-app-capable" content="yes">
<script src="dist/app.min.js"></script>
- <script type="text/javascript">
- 'use strict';
+ <script type="text/javascript">
+ 'use strict';
- if ('serviceWorker' in navigator) {
+ if ('serviceWorker' in navigator) {
navigator.serviceWorker
.register('worker.js')
.then(function() {
@@ -141,7 +144,7 @@
<span class="glyphicon glyphicon-refresh"></span> <span class='hidden-sm hidden-md hidden-lg'>Refresh script cache</span></a></li>
</li>
<?php if ($mode !== "favorites") { ?>
- <li><a href="logout.php" title="Log out">
+ <li><a href="#" onclick="App.logout()" title="Log out">
<span class="glyphicon glyphicon-log-out"></span> <span class='hidden-sm hidden-md hidden-lg'>Log out</span>
</a></li>
<?php } ?>
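Review bot: The replacement logout link on the added line keeps `href="#"` but the inline handler does not cancel the default action, so the click also navigates to the fragment (scrolling to the top) while App.logout() runs, unless App.logout() itself consumes the global event; `onclick="App.logout(); return false;"` avoids that. An inline onclick attribute also requires 'unsafe-inline' in any Content-Security-Policy script-src, so if the page ships or plans a CSP, binding the handler from dist/app.min.js via addEventListener on an id or class would be the cleaner form. The anchor's enclosing markup is complete within the hunk.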