author | Pacien TRAN-GIRARD | 2015-02-08 00:17:47 +0100 |
---|---|---|
committer | Pacien TRAN-GIRARD | 2015-02-08 00:17:47 +0100 |
commit | 10f857f6107fc8cebde8b39a04a07bc1945aac38 (patch) | |
tree | cd981f2d078dadd35e0b92f162bcfb0f7a138273 | |
parent | cb902da50bd75b623a47727e62c0c69913422bfd (diff) | |
download | minibay-10f857f6107fc8cebde8b39a04a07bc1945aac38.tar.gz |
Add CSRF Token support for Konami cheat console
-rw-r--r-- | public/javascripts/cheat.js | 6 |
1 files changed, 6 insertions, 0 deletions
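--- a/public/javascripts/cheat.js
+++ b/public/javascripts/cheat.js
@@ -20,11 +20,17 @@ new Konami(function () {
 form.setAttribute('method', 'post');
 form.setAttribute('action', '/console');
 
+var csrfToken = document.createElement('input');
+csrfToken.setAttribute('type', 'hidden');
+csrfToken.setAttribute('name', 'csrfToken');
+csrfToken.setAttribute('value', document.body.dataset.token);
+
 var field = document.createElement('input');
 field.setAttribute('type', 'text');
 field.setAttribute('name', 'command');
 field.setAttribute('autocomplete', 'off');
 
+form.appendChild(csrfToken);
 form.appendChild(field);
 document.getElementsByTagName('body')[0].appendChild(form);
 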
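Review bot: The added `csrfToken.setAttribute('value', document.body.dataset.token);` does not handle a page whose `<body>` carries no `data-token` attribute. In that case `dataset.token` is `undefined`, `setAttribute` stringifies it, and the form posts the literal `csrfToken=undefined`, so the problem only shows up as a rejected request. Read the token once and bail out when it is missing, e.g. `var token = document.body.dataset.token;` followed by `if (!token) { return; }`, and add a comment saying which template renders `data-token`. The handler for `/console` is not part of this change; since that endpoint accepts commands, confirm that it rejects requests with a missing or mismatched token and also checks that the caller is authorised. The Konami callback starts and ends outside the hunk, so the guard may need to sit above the form creation.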