Add CSRF protections

author: Frédéric Guillot <fred@kanboard.net> 2014-05-28 15:14:52 -0400
committer: Frédéric Guillot <fred@kanboard.net> 2014-05-28 15:14:52 -0400
commit: 445ef6d1481745cd4e7af7e671f534a25d4495dc (patch)
tree: 7990903e398d77339587595ef5a07df8464f5a2e /assets/js
parent: 75ab09e28b22e9a5676ee912482027926e271515 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/assets/js/board.js b/assets/js/board.js
index 49dab9fa..7ff7445b 100644
--- a/assets/js/board.js
+++ b/assets/js/board.js
@@ -70,8 +70,9 @@
         });
 
         $.ajax({
+            cache: false,
             url: "?controller=board&action=save&project_id=" + projectId,
-            data: {positions: data},
+            data: {"positions": data, "csrf_token": $("#board").attr("data-csrf-token")},
             type: "POST",
             success: function(data) {
                 $("#board").remove();
@@ -90,6 +91,7 @@
 
         if (is_visible() && projectId != undefined && timestamp != undefined) {
             $.ajax({
+                cache: false,
                 url: "?controller=board&action=check&project_id=" + projectId + "&timestamp=" + timestamp,
                 statusCode: {
                     200: function(data) {
author	Frédéric Guillot <fred@kanboard.net>	2014-05-28 15:14:52 -0400
committer	Frédéric Guillot <fred@kanboard.net>	2014-05-28 15:14:52 -0400
commit	445ef6d1481745cd4e7af7e671f534a25d4495dc (patch)
tree	7990903e398d77339587595ef5a07df8464f5a2e /assets/js
parent	75ab09e28b22e9a5676ee912482027926e271515 (diff)