Merge pull request #1210 from Alkarex/csrf-token

CSRF token, update HTTP Referrer policy to same-origin
author: Alexandre Alapetite <alexandre@alapetite.fr> 2016-08-13 19:20:36 +0200
committer: GitHub <noreply@github.com> 2016-08-13 19:20:36 +0200
commit: 7eab5a3a69d0a1ca0812c78a00fb353731ae14a7 (patch)
tree: 36fea769271878d2ad9927a26cb25aa53a799207 /p/scripts
parent: 97efdcac1e38c568b6be313120694e7201d4c69c (diff)
parent: b3963f6ed6316745593da8a68116006a179a817e (diff)
1 files changed, 11 insertions, 2 deletions
diff --git a/p/scripts/main.js b/p/scripts/main.js
index 62f0fbb1a..89edc54e5 100644
--- a/p/scripts/main.js
+++ b/p/scripts/main.js
@@ -134,7 +134,10 @@ function mark_read(active, only_not_read) {
 	$.ajax({
 		type: 'POST',
 		url: url,
-		data : { ajax: true }
+		data : {
+			ajax: true,
+			_csrf: context.csrf,
+		},
 	}).done(function (data) {
 		var $r = active.find("a.read").attr("href", data.url),
 			inc = 0;
@@ -178,7 +181,10 @@ function mark_favorite(active) {
 	$.ajax({
 		type: 'POST',
 		url: url,
-		data : { ajax: true }
+		data : {
+			ajax: true,
+			_csrf: context.csrf,
+		},
 	}).done(function (data) {
 		var $b = active.find("a.bookmark").attr("href", data.url),
 			inc = 0;
@@ -775,6 +781,9 @@ function updateFeed(feeds, feeds_count) {
 	$.ajax({
 		type: 'POST',
 		url: feed.url,
+		data : {
+			_csrf: context.csrf,
+		},
 	}).always(function (data) {
 		feed_processed++;
 		$("#actualizeProgress .progress").html(feed_processed + " / " + feeds_count);
author	Alexandre Alapetite <alexandre@alapetite.fr>	2016-08-13 19:20:36 +0200
committer	GitHub <noreply@github.com>	2016-08-13 19:20:36 +0200
commit	7eab5a3a69d0a1ca0812c78a00fb353731ae14a7 (patch)
tree	36fea769271878d2ad9927a26cb25aa53a799207 /p/scripts
parent	97efdcac1e38c568b6be313120694e7201d4c69c (diff)
parent	b3963f6ed6316745593da8a68116006a179a817e (diff)