projects / project / luci.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
luci-app-ocserv: protect disconnect action with csrf token
[project/luci.git] / applications / luci-app-ocserv / luasrc / view / ocserv_status.htm
diff --git a/applications/luci-app-ocserv/luasrc/view/ocserv_status.htm b/applications/luci-app-ocserv/luasrc/view/ocserv_status.htm
index 138b039..03a9ed7 100644 (file)
--- a/applications/luci-app-ocserv/luasrc/view/ocserv_status.htm
+++ b/applications/luci-app-ocserv/luasrc/view/ocserv_status.htm
@@ -1,7 +1,7 @@
 <script type="text/javascript">//<![CDATA[
 
        function ocserv_disconnect(idx) {
-               XHR.get('<%=url('admin/services/ocserv/disconnect')%>/' + idx, null,
+               (new XHR()).post('<%=url('admin/services/ocserv/disconnect')%>/' + idx, { token: '<%=token%>' },
                        function(x)
                        {
                                var tb = document.getElementById('ocserv_status_table');
Lua Configuration Interface (mirror)