brammie15/ReSendit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add CSRF protection for cookie-authenticated requests

Browse Source
This commit is contained in:
root
2026-03-23 16:20:26 +01:00
parent a3348e8795
commit fae7f80913
8 changed files with 139 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
templates/changePassword.html
View File

@@ -258,9 +258,12 @@
}
try {
const m = document.cookie.match('(^|;)\\s*csrf_token\\s*=\\s*([^;]+)');
const csrf = m ? m.pop() : '';
const res = await fetch('/api/user/change-password', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
headers: { 'Content-Type': 'application/json', 'X-CSRF-Token': csrf },
body: JSON.stringify({
old_password: current,
new_password: nv