aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPacien TRAN-GIRARD2015-02-08 00:17:47 +0100
committerPacien TRAN-GIRARD2015-02-08 00:17:47 +0100
commit10f857f6107fc8cebde8b39a04a07bc1945aac38 (patch)
treecd981f2d078dadd35e0b92f162bcfb0f7a138273
parentcb902da50bd75b623a47727e62c0c69913422bfd (diff)
downloadminibay-10f857f6107fc8cebde8b39a04a07bc1945aac38.tar.gz
Add CSRF Token support for Konami cheat console
-rw-r--r--public/javascripts/cheat.js6
1 files changed, 6 insertions, 0 deletions
diff --git a/public/javascripts/cheat.js b/public/javascripts/cheat.js
index 242dd79..c774e9f 100644
--- a/public/javascripts/cheat.js
+++ b/public/javascripts/cheat.js
@@ -20,11 +20,17 @@ new Konami(function () {
20 form.setAttribute('method', 'post'); 20 form.setAttribute('method', 'post');
21 form.setAttribute('action', '/console'); 21 form.setAttribute('action', '/console');
22 22
23 var csrfToken = document.createElement('input');
24 csrfToken.setAttribute('type', 'hidden');
25 csrfToken.setAttribute('name', 'csrfToken');
26 csrfToken.setAttribute('value', document.body.dataset.token);
27
23 var field = document.createElement('input'); 28 var field = document.createElement('input');
24 field.setAttribute('type', 'text'); 29 field.setAttribute('type', 'text');
25 field.setAttribute('name', 'command'); 30 field.setAttribute('name', 'command');
26 field.setAttribute('autocomplete', 'off'); 31 field.setAttribute('autocomplete', 'off');
27 32
33 form.appendChild(csrfToken);
28 form.appendChild(field); 34 form.appendChild(field);
29 document.getElementsByTagName('body')[0].appendChild(form); 35 document.getElementsByTagName('body')[0].appendChild(form);
30 36