- enable CSRF support earlier

- remove rpc/sanityCheck from CSRF-excluded calls
This commit is contained in:
Andrew Dolgov 2020-09-15 15:32:17 +03:00
parent 91e1542a82
commit 7e50c6c4b5
2 changed files with 2 additions and 2 deletions

View File

@ -2,7 +2,7 @@
class RPC extends Handler_Protected {
function csrf_ignore($method) {
$csrf_ignored = array("sanitycheck", "completelabels", "saveprofile");
$csrf_ignored = array("completelabels", "saveprofile");
return array_search($method, $csrf_ignored) !== false;
}

View File

@ -588,6 +588,7 @@ const App = {
this.setLoadingProgress(30);
this.initHotkeyActions();
this.enableCsrfSupport();
const a = document.createElement('audio');
const hasAudio = !!a.canPlayType;
@ -628,7 +629,6 @@ const App = {
return errorMsg == "";
},
initSecondStage: function() {
this.enableCsrfSupport();
document.onkeydown = (event) => { return this.hotkeyHandler(event) };
document.onkeypress = (event) => { return this.hotkeyHandler(event) };