diff --git a/app.py b/app.py
index 0667bba..8a710e1 100644
--- a/app.py
+++ b/app.py
@@ -397,8 +397,7 @@ def route_api_login():
 session['session_id'] = result['session_id']
 session['username'] = result['username']
- if data.get('remember'):
- session.permanent = True
+ session.permanent = True if data.get('remember') else False
 return jsonify({'status': 'ok', 'username': result['username'], 'display_name': result['display_name']})
diff --git a/public/src/js/account.js b/public/src/js/account.js
index b40bcc4..1df6723 100644
--- a/public/src/js/account.js
+++ b/public/src/js/account.js
@@ -422,9 +422,11 @@ class Account{
 this.lock(false)
 reject()
 })
+ if(!get){
+ request.setRequestHeader("X-CSRFToken", token)
+ }
 if(obj){
 request.setRequestHeader("Content-Type", "application/json;charset=UTF-8")
- request.setRequestHeader("X-CSRFToken", token)
 request.send(JSON.stringify(obj))
 }else{
 request.send()
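Review bot: The added line `session.permanent = True if data.get('remember') else False` in route_api_login decides on truthiness, so any non-empty value a client sends for `remember` (the string `"false"`, for instance) produces a long-lived session cookie. `session.permanent = data.get('remember') is True` accepts only a JSON boolean and drops the redundant conditional. The two context lines above write `session_id` and `username` into whatever session already exists; the function starts outside the hunk, so confirm that the session is cleared before these assignments so keys from an earlier login cannot carry over.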
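Review bot: The new `if(!get)` block attaches `X-CSRFToken` to every non-GET request without any check on the destination. The URL and the `open()` call are outside the hunk, so confirm this method is only ever given same-origin paths, since otherwise the token would be sent to another host. A one-line comment above the block, such as `// CSRF token goes on every state-changing request, including body-less ones`, would record why the header was moved out of `if(obj)`. The enclosing method starts and ends outside the hunk.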