mirror of
https://github.com/go-gitea/gitea
synced 2025-07-22 18:28:37 +00:00
Fix #5226 by adding CSRF checking to api reqToken and add CSRF to the POST header for deadline (#5250)
* Add CSRF checking to reqToken and place CSRF in the post for deadline creation Fixes #5226, #5249 * /api/v1/admin/users routes should have reqToken middleware
This commit is contained in:
@@ -2595,6 +2595,10 @@ function updateDeadline(deadlineString) {
|
||||
data: JSON.stringify({
|
||||
'due_date': realDeadline,
|
||||
}),
|
||||
headers: {
|
||||
'X-Csrf-Token': csrf,
|
||||
'X-Remote': true,
|
||||
},
|
||||
contentType: 'application/json',
|
||||
type: 'POST',
|
||||
success: function () {
|
||||
|
Reference in New Issue
Block a user