Use POST for the /api/apply-wg-config endpoint and check the Content-Type Header for all non-GET requests to prevent CSRF attacks

Marcus Wichelmann 2022-07-08 20:02:18 +02:00
parent f43c59c043
commit 7c7081a3ba
No known key found for this signature in database
GPG key ID: D9FC1B92E557C80D
3 changed files with 47 additions and 28 deletions


@ -494,7 +494,7 @@
$("#apply_config_confirm").click(function () {
$.ajax({
cache: false,
method: 'GET',
method: 'POST',
url: '{{.basePath}}/api/apply-wg-config',
dataType: 'json',
contentType: "application/json",
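Review bot: The `contentType: "application/json",` option in this `$.ajax` call is now load-bearing for the CSRF defence named in the commit title, but nothing at the call site says so. If the server-side check (not visible in this section) rejects non-GET requests without a JSON Content-Type, a later cleanup that drops this seemingly redundant option from a body-less POST would break the endpoint. I would add a comment above it such as `// Required: the server rejects non-GET requests whose Content-Type is not application/json (CSRF protection)`. A Content-Type check only works as a CSRF barrier while cross-origin JSON requests trigger a preflight and the server's CORS policy refuses it, so it is worth confirming no permissive CORS headers are set and pairing this with SameSite session cookies. The `$.ajax` call continues past the end of the hunk, so whether a request body is sent cannot be seen from here.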