- enable CSRF support earlier

- remove rpc/sanityCheck from CSRF-excluded calls
This commit is contained in:
Andrew Dolgov 2020-09-15 15:32:17 +03:00
parent 91e1542a82
commit 7e50c6c4b5
2 changed files with 2 additions and 2 deletions

View File

@ -2,7 +2,7 @@
class RPC extends Handler_Protected { class RPC extends Handler_Protected {
function csrf_ignore($method) { function csrf_ignore($method) {
$csrf_ignored = array("sanitycheck", "completelabels", "saveprofile"); $csrf_ignored = array("completelabels", "saveprofile");
return array_search($method, $csrf_ignored) !== false; return array_search($method, $csrf_ignored) !== false;
} }

View File

@ -588,6 +588,7 @@ const App = {
this.setLoadingProgress(30); this.setLoadingProgress(30);
this.initHotkeyActions(); this.initHotkeyActions();
this.enableCsrfSupport();
const a = document.createElement('audio'); const a = document.createElement('audio');
const hasAudio = !!a.canPlayType; const hasAudio = !!a.canPlayType;
@ -628,7 +629,6 @@ const App = {
return errorMsg == ""; return errorMsg == "";
}, },
initSecondStage: function() { initSecondStage: function() {
this.enableCsrfSupport();
document.onkeydown = (event) => { return this.hotkeyHandler(event) }; document.onkeydown = (event) => { return this.hotkeyHandler(event) };
document.onkeypress = (event) => { return this.hotkeyHandler(event) }; document.onkeypress = (event) => { return this.hotkeyHandler(event) };