Skip to content

Commit

Permalink
fix: csrf token only on non-GET routes
Browse files Browse the repository at this point in the history
  • Loading branch information
@julianlam
julianlam committed Oct 14, 2020
1 parent 3326d80 commit 20bb9c7
Showing 1 changed file with 10 additions and 5 deletions.
15 changes: 10 additions & 5 deletions public/src/modules/api.js
View file
Expand Up @@ -10,11 +10,7 @@ define('api', () => {
baseUrl + options.url;

function doAjax(cb) {
$.ajax(Object.assign({
headers: {
'x-csrf-token': config.csrf_token,
},
}, options))
$.ajax(options)
.done((res) => {
cb(null,
res.hasOwnProperty('status') && res.hasOwnProperty('response') ?
Expand Down Expand Up @@ -57,18 +53,27 @@ define('api', () => {
url: route,
method: 'post',
data: payload,
headers: {
'x-csrf-token': config.csrf_token,
},
}, onSuccess);

api.put = (route, payload, onSuccess) => call({
url: route,
method: 'put',
data: payload,
headers: {
'x-csrf-token': config.csrf_token,
},
}, onSuccess);

api.del = (route, payload, onSuccess) => call({
url: route,
method: 'delete',
data: payload,
headers: {
'x-csrf-token': config.csrf_token,
},
}, onSuccess);

return api;
Expand Down

0 comments on commit 20bb9c7

Please sign in to comment.