diff options
author | Andrew Dolgov <[email protected]> | 2020-09-15 16:12:53 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2020-09-15 16:12:53 +0300 |
commit | 8080c525fd453bfba9c35f01a08013e148bb2144 (patch) | |
tree | d17bf661dfebf3d2ea16c78d821dbb78f07bf0d3 /js/FeedTree.js | |
parent | aeaafefa07b31c99efd27653ad22f4040572d441 (diff) |
- backend: require CSRF token to be passed via POST
- do not leak CSRF token via GET request in feed debugger
- rework Article/redirect to use POST
Diffstat (limited to 'js/FeedTree.js')
-rwxr-xr-x | js/FeedTree.js | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/js/FeedTree.js b/js/FeedTree.js index 74c29d2f7..c61d8a50f 100755 --- a/js/FeedTree.js +++ b/js/FeedTree.js @@ -101,8 +101,9 @@ define(["dojo/_base/declare", "dojo/dom-construct", "dojo/_base/array", "dojo/co menu.addChild(new dijit.MenuItem({ label: __("Debug feed"), onClick: function() { - window.open("backend.php?op=feeds&method=update_debugger&feed_id=" + this.getParent().row_id + - "&csrf_token=" + App.getInitParam("csrf_token")); + /* global __csrf_token */ + App.postOpenWindow("backend.php", {op: "feeds", method: "update_debugger", + feed_id: this.getParent().row_id, csrf_token: __csrf_token}); }})); } |