fix(csrf): remove all csrf bypass

2020-03-06 17:51:58 +01:00
parent f183df0d88
commit 23b899f50f
20 changed files with 84 additions and 56 deletions
--- a/api-server/server/boot/settings.js
+++ b/api-server/server/boot/settings.js
@ -48,7 +48,6 @@ export default function settingsController(app) {
  api.put('/update-my-username', ifNoUser401, updateMyUsername);
  api.put('/update-user-flag', ifNoUser401, updateUserFlag);

-  app.use('/internal', api);
  app.use(api);
 }