From f21d34506d0fd09d5849fcee552447cdfbf4802f Mon Sep 17 00:00:00 2001
From: AAGaming <aa@mail.catvibers.me>
Date: Fri, 5 Aug 2022 21:16:29 -0400
Subject: Implement CSRF protection

---
 frontend/src/updater.ts | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'frontend/src/updater.ts')

diff --git a/frontend/src/updater.ts b/frontend/src/updater.ts
index 692a7a70..f499d030 100644
--- a/frontend/src/updater.ts
+++ b/frontend/src/updater.ts
@@ -14,8 +14,10 @@ export interface DeckyUpdater {
 export async function callUpdaterMethod(methodName: string, args = {}) {
   const response = await fetch(`http://127.0.0.1:1337/updater/${methodName}`, {
     method: 'POST',
+    credentials: 'include',
     headers: {
       'Content-Type': 'application/json',
+      Authentication: window.deckyAuthToken,
     },
     body: JSON.stringify(args),
   });
-- 
cgit v1.2.3