remove csrf token from rpc method sanityCheck

2020-09-14 20:00:01 +03:00 · 2020-09-14 20:00:01 +03:00 · b4cb67e77f
parent c3d14e1fa5
commit b4cb67e77f
4 changed files with 10 additions and 1 deletions
--- a/include/functions.php
+++ b/include/functions.php
@ -1007,7 +1007,6 @@

 		$params["hotkeys"] = get_hotkeys_map();

-		$params["csrf_token"] = $_SESSION["csrf_token"];
 		$params["widescreen"] = (int) $_COOKIE["ttrss_widescreen"];

 		$params['simple_update'] = defined('SIMPLE_UPDATE_MODE') && SIMPLE_UPDATE_MODE;
--- a/index.php
+++ b/index.php
@ -47,6 +47,10 @@
 	}
 	?>

+	<script type="text/javascript">
+		const __csrf_token = "<?php echo $_SESSION["csrf_token"]; ?>";
+	</script>
+
 	<?php print_user_stylesheet() ?>

 	<style type="text/css">
--- a/js/App.js
+++ b/js/App.js
@ -576,6 +576,8 @@ const App = {
      this.is_prefs = is_prefs;
      window.onerror = this.Error.onWindowError;

+      this.setInitParam("csrf_token", __csrf_token);
+
      this.setupNightModeDetection(() => {
         parser.parse();

--- a/prefs.php
+++ b/prefs.php
@ -39,6 +39,10 @@
 	}
 	?>

+	<script type="text/javascript">
+		const __csrf_token = "<?php echo $_SESSION["csrf_token"]; ?>";
+	</script>
+
 	<?php print_user_stylesheet() ?>

 	<link rel="shortcut icon" type="image/png" href="images/favicon.png"/>