Make sure overlay API requests send force_api_session as POST param (#17675)

* Fix Overlay API requests which can end up sending force_api_session=1 in the query, while sending a POST request, which is not allowed

* correct parsing of segment in URL when detecting Overlay

* rebuilt piwik.js

* better regex

* rebuilt piwik.js

1 files changed, 6 insertions, 1 deletions

diff --git a/plugins/Overlay/javascripts/Piwik_Overlay.js b/plugins/Overlay/javascripts/Piwik_Overlay.js
index bccdd2aec5..49e5c95401 100644
--- a/plugins/Overlay/javascripts/Piwik_Overlay.js
+++ b/plugins/Overlay/javascripts/Piwik_Overlay.js
@@ -228,6 +228,10 @@ var Piwik_Overlay = (function () {
             params.module = 'API';
             params.action = 'index';
 
+            // these should be sent as post parameters
+            delete params.token_auth;
+            delete params.force_api_session;
+
             if (ALLOWED_API_REQUEST_WHITELIST.indexOf(params.method) === -1) {
                 sendResponse({
                     result: 'error',
@@ -237,13 +241,14 @@ var Piwik_Overlay = (function () {
             }
 
             angular.element(document).injector().invoke(['piwikApi', function (piwikApi) {
+                piwikApi.withTokenInUrl();
                 piwikApi.fetch(params)
                     .then(function (response) {
                         sendResponse(response);
                     }).catch(function (err) {
                         sendResponse({
                             result: 'error',
-                            message: err.message,
+                            message: err.message || err || 'unknown error',
                         });
                     });
             }]);