From 445ef6d1481745cd4e7af7e671f534a25d4495dc Mon Sep 17 00:00:00 2001
From: Frédéric Guillot <fred@kanboard.net>
Date: Wed, 28 May 2014 15:14:52 -0400
Subject: Add CSRF protections

---
 assets/js/board.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'assets/js')

diff --git a/assets/js/board.js b/assets/js/board.js
index 49dab9fa..7ff7445b 100644
--- a/assets/js/board.js
+++ b/assets/js/board.js
@@ -70,8 +70,9 @@
         });
 
         $.ajax({
+            cache: false,
             url: "?controller=board&action=save&project_id=" + projectId,
-            data: {positions: data},
+            data: {"positions": data, "csrf_token": $("#board").attr("data-csrf-token")},
             type: "POST",
             success: function(data) {
                 $("#board").remove();
@@ -90,6 +91,7 @@
 
         if (is_visible() && projectId != undefined && timestamp != undefined) {
             $.ajax({
+                cache: false,
                 url: "?controller=board&action=check&project_id=" + projectId + "&timestamp=" + timestamp,
                 statusCode: {
                     200: function(data) {
-- 
cgit v1.2.3