summaryrefslogtreecommitdiff
path: root/static
diff options
context:
space:
mode:
authorBrian Picciano <mediocregopher@gmail.com>2021-08-30 20:08:51 -0600
committerBrian Picciano <mediocregopher@gmail.com>2021-08-30 20:44:45 -0600
commit9343d2ea697f13e52e9199fce62a959f1954f580 (patch)
treee1e36e330a3c9891bfd8a625229a9b417ad89afa /static
parent3e9a17abb9a9d63af3c260fba9dc404dd9c59ade (diff)
add chat handlers and only allow POST methods
Diffstat (limited to 'static')
-rw-r--r--static/src/assets/api.js10
-rw-r--r--static/src/follow.md2
-rw-r--r--static/src/mailinglist/finalize.md2
-rw-r--r--static/src/mailinglist/unsubscribe.md2
4 files changed, 10 insertions, 6 deletions
diff --git a/static/src/assets/api.js b/static/src/assets/api.js
index b591764..7ce2e89 100644
--- a/static/src/assets/api.js
+++ b/static/src/assets/api.js
@@ -31,7 +31,7 @@ const doFetch = async (req) => {
// may throw
const solvePow = async () => {
- const res = await call('GET', '/api/pow/challenge');
+ const res = await call('/api/pow/challenge');
const worker = new Worker('/assets/solvePow.js');
@@ -46,8 +46,12 @@ const solvePow = async () => {
return {seed: res.seed, solution: powSol};
}
-const call = async (method, route, opts = {}) => {
- const { body = {}, requiresPow = false } = opts;
+const call = async (route, opts = {}) => {
+ const {
+ method = 'POST',
+ body = {},
+ requiresPow = false,
+ } = opts;
if (!utils.cookies["csrf_token"])
throw "csrf_token cookie not set, can't make api call";
diff --git a/static/src/follow.md b/static/src/follow.md
index b02e7f0..dcdfcdd 100644
--- a/static/src/follow.md
+++ b/static/src/follow.md
@@ -63,7 +63,7 @@ emailSubscribe.onclick = async () => {
throw "The browser environment is not secure.";
}
- await api.call('POST', '/api/mailinglist/subscribe', {
+ await api.call('/api/mailinglist/subscribe', {
body: { email: emailAddress.value },
requiresPow: true,
});
diff --git a/static/src/mailinglist/finalize.md b/static/src/mailinglist/finalize.md
index 56878b9..a80809d 100644
--- a/static/src/mailinglist/finalize.md
+++ b/static/src/mailinglist/finalize.md
@@ -28,7 +28,7 @@ nofollow: true
const api = await import("/assets/api.js");
- await api.call('POST', '/api/mailinglist/finalize', {
+ await api.call('/api/mailinglist/finalize', {
body: { subToken },
});
diff --git a/static/src/mailinglist/unsubscribe.md b/static/src/mailinglist/unsubscribe.md
index cacd212..f6600c9 100644
--- a/static/src/mailinglist/unsubscribe.md
+++ b/static/src/mailinglist/unsubscribe.md
@@ -27,7 +27,7 @@ nofollow: true
const api = await import("/assets/api.js");
- await api.call('POST', '/api/mailinglist/unsubscribe', {
+ await api.call('/api/mailinglist/unsubscribe', {
body: { unsubToken },
});