Require CSRF-Token header on state changing API requests, require CSRF nonces on more than just POSTs, replace usage of fetch() with custom CTFd.fetch() implementation (#827)

* Require CSRF-Token header on state changing API requests
* Require CSRF nonces on more than just POSTs
* Replace usage of `fetch()` with custom `CTFd.fetch()` implementation
This commit is contained in:
Kevin Chung
2019-01-10 22:38:37 -05:00
committed by GitHub
parent 9ee743de7e
commit 6e8c7aaa50
28 changed files with 163 additions and 63 deletions


@@ -32,7 +32,7 @@ window.challenge.submit = function (cb, preview) {
'submission': submission
};
fetch(script_root + url, {
CTFd.fetch(url, {
method: 'POST',
credentials: 'same-origin',
headers: {
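Review bot: The call at `CTFd.fetch(url, {` still passes its own `headers` object and `credentials: 'same-origin'`, so the wrapper has to merge the CSRF-Token header into the caller-supplied headers rather than replace them; otherwise either the token or the headers set here are lost. The call site also no longer prepends `script_root`, so `CTFd.fetch()` must do that itself or deployments under a sub-path will post to the wrong URL. Neither behaviour is visible in this hunk. Please confirm both in the wrapper and document them next to its definition. If the wrapper already defaults `credentials` to `same-origin`, the option here is redundant and can be dropped.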