From 9343d2ea697f13e52e9199fce62a959f1954f580 Mon Sep 17 00:00:00 2001
From: Brian Picciano <mediocregopher@gmail.com>
Date: Mon, 30 Aug 2021 20:08:51 -0600
Subject: add chat handlers and only allow POST methods

---
 static/src/assets/api.js              | 10 +++++++---
 static/src/follow.md                  |  2 +-
 static/src/mailinglist/finalize.md    |  2 +-
 static/src/mailinglist/unsubscribe.md |  2 +-
 4 files changed, 10 insertions(+), 6 deletions(-)

(limited to 'static')

diff --git a/static/src/assets/api.js b/static/src/assets/api.js
index b591764..7ce2e89 100644
--- a/static/src/assets/api.js
+++ b/static/src/assets/api.js
@@ -31,7 +31,7 @@ const doFetch = async (req) => {
 // may throw
 const solvePow = async () => {
 
-  const res = await call('GET', '/api/pow/challenge');
+  const res = await call('/api/pow/challenge');
 
   const worker = new Worker('/assets/solvePow.js');
 
@@ -46,8 +46,12 @@ const solvePow = async () => {
   return {seed: res.seed, solution: powSol};
 }
 
-const call = async (method, route, opts = {}) => {
-  const { body = {}, requiresPow = false } = opts;
+const call = async (route, opts = {}) => {
+  const {
+    method = 'POST',
+    body = {},
+    requiresPow = false,
+  } = opts;
 
   if (!utils.cookies["csrf_token"]) 
     throw "csrf_token cookie not set, can't make api call";
diff --git a/static/src/follow.md b/static/src/follow.md
index b02e7f0..dcdfcdd 100644
--- a/static/src/follow.md
+++ b/static/src/follow.md
@@ -63,7 +63,7 @@ emailSubscribe.onclick = async () => {
             throw "The browser environment is not secure.";
         }
 
-        await api.call('POST', '/api/mailinglist/subscribe', {
+        await api.call('/api/mailinglist/subscribe', {
             body: { email: emailAddress.value },
             requiresPow: true,
         });
diff --git a/static/src/mailinglist/finalize.md b/static/src/mailinglist/finalize.md
index 56878b9..a80809d 100644
--- a/static/src/mailinglist/finalize.md
+++ b/static/src/mailinglist/finalize.md
@@ -28,7 +28,7 @@ nofollow: true
 
         const api = await import("/assets/api.js");
 
-        await api.call('POST', '/api/mailinglist/finalize', {
+        await api.call('/api/mailinglist/finalize', {
             body: { subToken },
         });
 
diff --git a/static/src/mailinglist/unsubscribe.md b/static/src/mailinglist/unsubscribe.md
index cacd212..f6600c9 100644
--- a/static/src/mailinglist/unsubscribe.md
+++ b/static/src/mailinglist/unsubscribe.md
@@ -27,7 +27,7 @@ nofollow: true
 
         const api = await import("/assets/api.js");
 
-        await api.call('POST', '/api/mailinglist/unsubscribe', {
+        await api.call('/api/mailinglist/unsubscribe', {
             body: { unsubToken },
         });
 
-- 
cgit v1.2.3