From 10f857f6107fc8cebde8b39a04a07bc1945aac38 Mon Sep 17 00:00:00 2001
From: Pacien TRAN-GIRARD
Date: Sun, 8 Feb 2015 00:17:47 +0100
Subject: Add CSRF Token support for Konami cheat console
---
 public/javascripts/cheat.js | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/public/javascripts/cheat.js b/public/javascripts/cheat.js
index 242dd79..c774e9f 100644
--- a/public/javascripts/cheat.js
+++ b/public/javascripts/cheat.js
@@ -20,11 +20,17 @@ new Konami(function () {
 form.setAttribute('method', 'post');
 form.setAttribute('action', '/console');
+ var csrfToken = document.createElement('input');
+ csrfToken.setAttribute('type', 'hidden');
+ csrfToken.setAttribute('name', 'csrfToken');
+ csrfToken.setAttribute('value', document.body.dataset.token);
+
 var field = document.createElement('input');
 field.setAttribute('type', 'text');
 field.setAttribute('name', 'command');
 field.setAttribute('autocomplete', 'off');
+ form.appendChild(csrfToken);
 form.appendChild(field);
 document.getElementsByTagName('body')[0].appendChild(form);
-- cgit v1.2.3
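Review bot: The added `csrfToken.setAttribute('value', document.body.dataset.token);` line does not handle a page whose `<body>` has no `data-token` attribute: `dataset.token` is then `undefined`, and the hidden field is submitted with the literal string `undefined` as its value. Reading the token once at the top of the callback and stopping when it is absent, e.g. `var token = document.body.dataset.token; if (!token) { return; }`, makes that failure show up on the client instead of as a rejected POST to `/console`. The hidden field only protects the console if the `/console` handler rejects requests with a missing or mismatched `csrfToken`; that server-side check is not part of this patch, so it is worth confirming it is enforced for this route. The Konami callback starts and ends outside the hunk.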