diff options
| author | Pacien TRAN-GIRARD | 2015-02-08 00:17:47 +0100 |
|---|---|---|
| committer | Pacien TRAN-GIRARD | 2015-02-08 00:17:47 +0100 |
| commit | 10f857f6107fc8cebde8b39a04a07bc1945aac38 (patch) | |
| tree | cd981f2d078dadd35e0b92f162bcfb0f7a138273 | |
| parent | cb902da50bd75b623a47727e62c0c69913422bfd (diff) | |
| download | minibay-10f857f6107fc8cebde8b39a04a07bc1945aac38.tar.gz | |
Add CSRF Token support for Konami cheat console
| -rw-r--r-- | public/javascripts/cheat.js | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/public/javascripts/cheat.js b/public/javascripts/cheat.js index 242dd79..c774e9f 100644 --- a/public/javascripts/cheat.js +++ b/public/javascripts/cheat.js | |||
| @@ -20,11 +20,17 @@ new Konami(function () { | |||
| 20 | form.setAttribute('method', 'post'); | 20 | form.setAttribute('method', 'post'); |
| 21 | form.setAttribute('action', '/console'); | 21 | form.setAttribute('action', '/console'); |
| 22 | 22 | ||
| 23 | var csrfToken = document.createElement('input'); | ||
| 24 | csrfToken.setAttribute('type', 'hidden'); | ||
| 25 | csrfToken.setAttribute('name', 'csrfToken'); | ||
| 26 | csrfToken.setAttribute('value', document.body.dataset.token); | ||
| 27 | |||
| 23 | var field = document.createElement('input'); | 28 | var field = document.createElement('input'); |
| 24 | field.setAttribute('type', 'text'); | 29 | field.setAttribute('type', 'text'); |
| 25 | field.setAttribute('name', 'command'); | 30 | field.setAttribute('name', 'command'); |
| 26 | field.setAttribute('autocomplete', 'off'); | 31 | field.setAttribute('autocomplete', 'off'); |
| 27 | 32 | ||
| 33 | form.appendChild(csrfToken); | ||
| 28 | form.appendChild(field); | 34 | form.appendChild(field); |
| 29 | document.getElementsByTagName('body')[0].appendChild(form); | 35 | document.getElementsByTagName('body')[0].appendChild(form); |
| 30 | 36 | ||