Get rid of CSRF code in api.js

author: Brian Picciano <mediocregopher@gmail.com> 2022-06-03 13:42:59 -0600
committer: Brian Picciano <mediocregopher@gmail.com> 2022-06-03 13:42:59 -0600
commit: fa47baffb6d665e0bd100b8f35f81c324d1b0d0d (patch)
tree: 872c9b4838499f91cee202b68de6bf61a06fb19c /srv/src/http/static/api.js
parent: 08811a6da78c3f1f973b8f50a337ff4dc4ed9e2c (diff)
1 files changed, 0 insertions, 14 deletions
diff --git a/srv/src/http/static/api.js b/srv/src/http/static/api.js
index a635118..55c9ecd 100644
--- a/srv/src/http/static/api.js
+++ b/srv/src/http/static/api.js
@@ -1,7 +1,5 @@
 import * as utils from "/static/utils.js";
 
-const csrfTokenCookie  = "csrf_token";
-
 const doFetch = async (req) => {
   let res, jsonRes;
   try {
@@ -55,14 +53,8 @@ const call = async (route, opts = {}) => {
     requiresPow = false,
   } = opts;
 
-  if (!utils.cookies[csrfTokenCookie]) 
-    throw `${csrfTokenCookie} cookie not set, can't make api call`;
-
   const reqOpts = {
     method,
-    headers: {
-      "X-CSRF-Token": utils.cookies[csrfTokenCookie],
-    },
   };
 
   if (requiresPow) {
@@ -92,12 +84,6 @@ const ws = async (route, opts = {}) => {
   const protocol = docURL.protocol == "http:" ? "ws:" : "wss:";
 
   const fullParams = new URLSearchParams(params);
-  const csrfToken = utils.cookies[csrfTokenCookie];
-
-  if (!csrfToken)
-    throw `${csrfTokenCookie} cookie not set, can't make api call`;
-
-  fullParams.set("csrfToken", csrfToken);
 
   if (requiresPow) {
     const {seed, solution} = await solvePow();
author	Brian Picciano <mediocregopher@gmail.com>	2022-06-03 13:42:59 -0600
committer	Brian Picciano <mediocregopher@gmail.com>	2022-06-03 13:42:59 -0600
commit	fa47baffb6d665e0bd100b8f35f81c324d1b0d0d (patch)
tree	872c9b4838499f91cee202b68de6bf61a06fb19c /srv/src/http/static/api.js
parent	08811a6da78c3f1f973b8f50a337ff4dc4ed9e2c (diff)