- enable CSRF support earlier

- remove rpc/sanityCheck from CSRF-excluded calls
2020-09-15 15:32:17 +03:00 · 2020-09-15 15:32:17 +03:00 · 7e50c6c4b5
parent 91e1542a82
commit 7e50c6c4b5
2 changed files with 2 additions and 2 deletions
--- a/classes/rpc.php
+++ b/classes/rpc.php
@ -2,7 +2,7 @@
 class RPC extends Handler_Protected {

 	function csrf_ignore($method) {
-		$csrf_ignored = array("sanitycheck", "completelabels", "saveprofile");
+		$csrf_ignored = array("completelabels", "saveprofile");

 		return array_search($method, $csrf_ignored) !== false;
 	}
--- a/js/App.js
+++ b/js/App.js
@ -588,6 +588,7 @@ const App = {

         this.setLoadingProgress(30);
         this.initHotkeyActions();
+         this.enableCsrfSupport();

         const a = document.createElement('audio');
         const hasAudio = !!a.canPlayType;
@ -628,7 +629,6 @@ const App = {
      return errorMsg == "";
   },
   initSecondStage: function() {
-      this.enableCsrfSupport();

      document.onkeydown = (event) => { return this.hotkeyHandler(event) };
      document.onkeypress = (event) => { return this.hotkeyHandler(event) };