Added CSRF protection to all API calls. /api/account AJAX calls updated.

2024-12-29 21:40:50 -05:00 · 2024-12-29 21:40:50 -05:00 · 106b0fcddb
commit 106b0fcddb
parent 7e0c8e72c5
11 changed files with 149 additions and 14 deletions
--- a/src/controllers/api/account/logoutController.js
+++ b/src/controllers/api/account/logoutController.js
@ -18,7 +18,7 @@ along with this program.  If not, see <https://www.gnu.org/licenses/>.*/
 const accountUtils = require('../../../utils/sessionUtils');
 const {exceptionHandler, errorHandler} = require('../../../utils/loggerUtils');

-module.exports.get = async function(req, res){
+module.exports.post = async function(req, res){
    if(req.session.user){
        try{
            accountUtils.killSession(req.session);