aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Alexandre Alapetite <alexandre.alapetite@alexandra.dk> 2017-09-23 13:34:57 +0200
committerGravatar Alexandre Alapetite <alexandre.alapetite@alexandra.dk> 2017-09-23 13:34:57 +0200
commit2fd5ab8c55e990d3ad6dacc5371dfd5f9b6bcd2e (patch)
tree9d5b6def20fc21877cb68dca6a6fdcf6f0e3253a
parentbc109cff50833fc378832def77fb1e4a5b343bff (diff)
Fix global view CSRF
https://github.com/FreshRSS/FreshRSS/issues/1591
Diffstat
-rw-r--r--CHANGELOG.md1
-rw-r--r--p/scripts/global_view.js3
2 files changed, 4 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index de4645622..d1af4ac36 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,6 +18,7 @@
* Fix API compatibility bug between PostgreSQL and EasyRSS [#1603](https://github.com/FreshRSS/FreshRSS/pull/1603)
* Fix PostgreSQL error when adding entries with duplicated GUID [#1610](https://github.com/FreshRSS/FreshRSS/issues/1610)
* Fix for RSS feeds containing HTML in author field [#1590](https://github.com/FreshRSS/FreshRSS/issues/1590)
+ * Fix logout issue in global view due to CSRF [#1591](https://github.com/FreshRSS/FreshRSS/issues/1591)
* Misc.
* Travis continuous integration [#1619](https://github.com/FreshRSS/FreshRSS/pull/1619)
* Allow longer database usernames [#1597](https://github.com/FreshRSS/FreshRSS/issues/1597)
diff --git a/p/scripts/global_view.js b/p/scripts/global_view.js
index de0b9cb9f..e3de0fd52 100644
--- a/p/scripts/global_view.js
+++ b/p/scripts/global_view.js
@@ -33,6 +33,9 @@ function load_panel(link) {
$.ajax({
type: "POST",
url: $(this).attr("formaction"),
+ data : {
+ _csrf: context.csrf,
+ },
async: false
});
window.location.reload(false);
generated by cgit v1.2.3 (git 2.39.1) at 2026-02-10 19:06:39 +0000