Backport #5250 on v1.6: Fix Issue 5249 and protect /api/v1/admin routes with CSRF token (#5272)

* Add CSRF checking to reqToken and place CSRF in the post for deadline creation Fixes #5226, #5249 * /api/v1/admin/users routes should have reqToken middleware
2025-08-12 12:38:20 +00:00 · 2018-11-04 15:42:15 +00:00
parent f95c966770
commit c0bbbdd30b
5 changed files with 32 additions and 10 deletions
--- a/public/js/index.js
+++ b/public/js/index.js
@@ -2590,6 +2590,10 @@ function updateDeadline(deadlineString) {
        data: JSON.stringify({
            'due_date': realDeadline,
        }),
+        headers: {
+            'X-Csrf-Token': csrf,
+            'X-Remote': true,
+        },
        contentType: 'application/json',
        type: 'POST',
        success: function () {