Added CSRF protection to all API calls. /api/account AJAX calls updated.

2024-12-29 21:40:50 -05:00 · 2024-12-29 21:40:50 -05:00 · 106b0fcddb
commit 106b0fcddb
parent 7e0c8e72c5
11 changed files with 149 additions and 14 deletions
--- a/src/views/404.ejs
+++ b/src/views/404.ejs
@ -0,0 +1,33 @@
+<%# Canopy - The next generation of stoner streaming software
+Copyright (C) 2024-2025 Rainbownapkin and the TTN Community
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <https://www.gnu.org/licenses/>. %>
+<!DOCTYPE html>
+<html>
+    <head>
+        <%- include('partial/styles', {instance, user}); %>
+        <%- include('partial/csrfToken', {csrfToken}); %>
+        <link rel="stylesheet" type="text/css" href="css/error.css">
+        <title><%= instance %></title>
+    </head>
+    <body>
+        <%- include('partial/navbar', {user}); %>
+        <h1>404</h1>
+        <h3>Congratulations, you've found a dead link!</h3>
+        <img src="https://web.archive.org/web/20091027105418/http://geocities.com/cd_franks_elementary/graphics/cdcongratulationsspinning.gif">
+    </body>
+    <footer>
+        <%- include('partial/scripts', {user}); %>
+    </footer>
+</html>