Add CSRF protections

2014-05-28 15:14:52 -04:00
parent 75ab09e28b
commit 445ef6d148
60 changed files with 291 additions and 132 deletions
--- a/assets/js/board.js
+++ b/assets/js/board.js
@@ -70,8 +70,9 @@
        });

        $.ajax({
+            cache: false,
            url: "?controller=board&action=save&project_id=" + projectId,
-            data: {positions: data},
+            data: {"positions": data, "csrf_token": $("#board").attr("data-csrf-token")},
            type: "POST",
            success: function(data) {
                $("#board").remove();
@@ -90,6 +91,7 @@

        if (is_visible() && projectId != undefined && timestamp != undefined) {
            $.ajax({
+                cache: false,
                url: "?controller=board&action=check&project_id=" + projectId + "&timestamp=" + timestamp,
                statusCode: {
                    200: function(data) {