Fix #5226 by adding CSRF checking to api reqToken and add CSRF to the POST header for deadline (#5250)

* Add CSRF checking to reqToken and place CSRF in the post for deadline creation Fixes #5226, #5249 * /api/v1/admin/users routes should have reqToken middleware
2025-07-24 03:08:36 +00:00 · 2018-11-04 01:15:55 +00:00
parent 57a8440db3
commit 7096085f2b
5 changed files with 32 additions and 10 deletions
--- a/public/js/index.js
+++ b/public/js/index.js
@@ -2595,6 +2595,10 @@ function updateDeadline(deadlineString) {
        data: JSON.stringify({
            'due_date': realDeadline,
        }),
+        headers: {
+            'X-Csrf-Token': csrf,
+            'X-Remote': true,
+        },
        contentType: 'application/json',
        type: 'POST',
        success: function () {