diff options
author | Brian Picciano <mediocregopher@gmail.com> | 2021-08-30 20:08:51 -0600 |
---|---|---|
committer | Brian Picciano <mediocregopher@gmail.com> | 2021-08-30 20:44:45 -0600 |
commit | 9343d2ea697f13e52e9199fce62a959f1954f580 (patch) | |
tree | e1e36e330a3c9891bfd8a625229a9b417ad89afa /static | |
parent | 3e9a17abb9a9d63af3c260fba9dc404dd9c59ade (diff) |
add chat handlers and only allow POST methods
Diffstat (limited to 'static')
-rw-r--r-- | static/src/assets/api.js | 10 | ||||
-rw-r--r-- | static/src/follow.md | 2 | ||||
-rw-r--r-- | static/src/mailinglist/finalize.md | 2 | ||||
-rw-r--r-- | static/src/mailinglist/unsubscribe.md | 2 |
4 files changed, 10 insertions, 6 deletions
diff --git a/static/src/assets/api.js b/static/src/assets/api.js index b591764..7ce2e89 100644 --- a/static/src/assets/api.js +++ b/static/src/assets/api.js @@ -31,7 +31,7 @@ const doFetch = async (req) => { // may throw const solvePow = async () => { - const res = await call('GET', '/api/pow/challenge'); + const res = await call('/api/pow/challenge'); const worker = new Worker('/assets/solvePow.js'); @@ -46,8 +46,12 @@ const solvePow = async () => { return {seed: res.seed, solution: powSol}; } -const call = async (method, route, opts = {}) => { - const { body = {}, requiresPow = false } = opts; +const call = async (route, opts = {}) => { + const { + method = 'POST', + body = {}, + requiresPow = false, + } = opts; if (!utils.cookies["csrf_token"]) throw "csrf_token cookie not set, can't make api call"; diff --git a/static/src/follow.md b/static/src/follow.md index b02e7f0..dcdfcdd 100644 --- a/static/src/follow.md +++ b/static/src/follow.md @@ -63,7 +63,7 @@ emailSubscribe.onclick = async () => { throw "The browser environment is not secure."; } - await api.call('POST', '/api/mailinglist/subscribe', { + await api.call('/api/mailinglist/subscribe', { body: { email: emailAddress.value }, requiresPow: true, }); diff --git a/static/src/mailinglist/finalize.md b/static/src/mailinglist/finalize.md index 56878b9..a80809d 100644 --- a/static/src/mailinglist/finalize.md +++ b/static/src/mailinglist/finalize.md @@ -28,7 +28,7 @@ nofollow: true const api = await import("/assets/api.js"); - await api.call('POST', '/api/mailinglist/finalize', { + await api.call('/api/mailinglist/finalize', { body: { subToken }, }); diff --git a/static/src/mailinglist/unsubscribe.md b/static/src/mailinglist/unsubscribe.md index cacd212..f6600c9 100644 --- a/static/src/mailinglist/unsubscribe.md +++ b/static/src/mailinglist/unsubscribe.md @@ -27,7 +27,7 @@ nofollow: true const api = await import("/assets/api.js"); - await api.call('POST', '/api/mailinglist/unsubscribe', { + await api.call('/api/mailinglist/unsubscribe', { body: { unsubToken }, }); |