From 2fd5ab8c55e990d3ad6dacc5371dfd5f9b6bcd2e Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite
Date: Sat, 23 Sep 2017 13:34:57 +0200
Subject: Fix global view CSRF
https://github.com/FreshRSS/FreshRSS/issues/1591
---
 CHANGELOG.md | 1 +
 p/scripts/global_view.js | 3 +++
 2 files changed, 4 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index de4645622..d1af4ac36 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,6 +18,7 @@
 * Fix API compatibility bug between PostgreSQL and EasyRSS [#1603](https://github.com/FreshRSS/FreshRSS/pull/1603)
 * Fix PostgreSQL error when adding entries with duplicated GUID [#1610](https://github.com/FreshRSS/FreshRSS/issues/1610)
 * Fix for RSS feeds containing HTML in author field [#1590](https://github.com/FreshRSS/FreshRSS/issues/1590)
+ * Fix logout issue in global view due to CSRF [#1591](https://github.com/FreshRSS/FreshRSS/issues/1591)
 * Misc.
 * Travis continuous integration [#1619](https://github.com/FreshRSS/FreshRSS/pull/1619)
 * Allow longer database usernames [#1597](https://github.com/FreshRSS/FreshRSS/issues/1597)
diff --git a/p/scripts/global_view.js b/p/scripts/global_view.js
index de0b9cb9f..e3de0fd52 100644
--- a/p/scripts/global_view.js
+++ b/p/scripts/global_view.js
@@ -33,6 +33,9 @@ function load_panel(link) {
 $.ajax({
 type: "POST",
 url: $(this).attr("formaction"),
+ data : {
+ _csrf: context.csrf,
+ },
 async: false
 });
 window.location.reload(false);
-- 
cgit v1.2.3
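Review bot: The outcome of the POST in the `p/scripts/global_view.js` hunk is still never checked, so a rejected CSRF token stays invisible to the user. The added `_csrf: context.csrf` reads a global that is set outside this hunk; if it is undefined or stale, the server will presumably refuse the request while `window.location.reload(false)` runs regardless. I would add a failure handler next to the new `data` block, for example `error: function (xhr) { console.error('global view POST rejected: ' + xhr.status); },`, and a one-line comment above `data` such as `// Server-side CSRF check requires the token on every POST (issue #1591)`. The enclosing handler starts and ends outside the hunk, so whether other POSTs in this file send the token cannot be confirmed from here and is worth checking.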