Fix global view CSRF

FreshRSS#1591
javerous · Sep 23, 2017 · 56d2b26 · 56d2b26
1 parent f89e9a0
commit 56d2b26
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -18,6 +18,7 @@
 	* Fix API compatibility bug between PostgreSQL and EasyRSS [#1603](https://github.com/FreshRSS/FreshRSS/pull/1603)
 	* Fix PostgreSQL error when adding entries with duplicated GUID [#1610](https://github.com/FreshRSS/FreshRSS/issues/1610)
 	* Fix for RSS feeds containing HTML in author field [#1590](https://github.com/FreshRSS/FreshRSS/issues/1590)
+	* Fix logout issue in global view due to CSRF [#1591](https://github.com/FreshRSS/FreshRSS/issues/1591)
 * Misc.
 	* Travis continuous integration [#1619](https://github.com/FreshRSS/FreshRSS/pull/1619)
 	* Allow longer database usernames [#1597](https://github.com/FreshRSS/FreshRSS/issues/1597)

diff --git a/p/scripts/global_view.js b/p/scripts/global_view.js
@@ -33,6 +33,9 @@ function load_panel(link) {
 			$.ajax({
 				type: "POST",
 				url: $(this).attr("formaction"),
+				data : {
+					_csrf: context.csrf,
+				},
 				async: false
 			});
 			window.location.reload(false);