author | dizzy <diosmosis@users.noreply.github.com> | 2021-06-18 00:02:05 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-06-18 00:02:05 +0300 |
commit | 9696ebf41083f246357bdb0db605f00520866542 (patch) | |
tree | 9dbde51e62b4721105e38cb32654445d3430f3e8 /plugins/Overlay | |
parent | 216aa653a891ece5078437698fb1982b25d2c584 (diff) |
Make sure overlay API requests send force_api_session as POST param (#17675)
* Fix Overlay API requests which can end up sending force_api_session=1 in the query, while sending a POST request, which is not allowed
* correct parsing of segment in URL when detecting Overlay
* rebuilt piwik.js
* better regex
* rebuilt piwik.js
Diffstat (limited to 'plugins/Overlay')
-rw-r--r-- | plugins/Overlay/javascripts/Piwik_Overlay.js | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/plugins/Overlay/javascripts/Piwik_Overlay.js b/plugins/Overlay/javascripts/Piwik_Overlay.js
index bccdd2aec5..49e5c95401 100644
--- a/plugins/Overlay/javascripts/Piwik_Overlay.js
+++ b/plugins/Overlay/javascripts/Piwik_Overlay.js
@@ -228,6 +228,10 @@ var Piwik_Overlay = (function () {
  params.module = 'API';
  params.action = 'index';
 
+ // these should be sent as post parameters
+ delete params.token_auth;
+ delete params.force_api_session;
+
  if (ALLOWED_API_REQUEST_WHITELIST.indexOf(params.method) === -1) {
  sendResponse({
  result: 'error',
@@ -237,13 +241,14 @@ var Piwik_Overlay = (function () {
  }
 
  angular.element(document).injector().invoke(['piwikApi', function (piwikApi) {
+ piwikApi.withTokenInUrl();
  piwikApi.fetch(params)
  .then(function (response) {
  sendResponse(response);
  }).catch(function (err) {
  sendResponse({
  result: 'error',
- message: err.message,
+ message: err.message || err || 'unknown error',
  });
  });
  }]);
|
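Review bot: The added comment `// these should be sent as post parameters` says where `token_auth` and `force_api_session` belong, but the two `delete` lines only remove them from `params`, and nothing in this hunk shows what puts them back. `params` is built outside the hunk (the enclosing handler starts and ends outside it), so a reader cannot tell whether these keys were supplied by the requester, and deliberately not forwarding requester-supplied credentials is worth stating as intent. I would expand the comment along the lines of `// never forward token_auth / force_api_session from the incoming request: they must not appear in the query of a POST; the API client supplies its own`, adjusted to what `piwikApi` actually does.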
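Review bot: In the `.catch` handler, `err.message || err || 'unknown error'` still throws when the promise rejects with `undefined` or `null`, because `err.message` is evaluated first, so `sendResponse` is never reached in the case the fallback appears to be meant for. It also passes a non-string `err` (for example a response object) through as `message`. Something like `message: (err && err.message) || (typeof err === 'string' ? err : 'unknown error'),` keeps the field a string. Separately, `piwikApi.withTokenInUrl();` reads oddly next to the earlier comment that these values belong in the POST body, so a one-line comment saying where the token actually ends up would help, since a token carried in a URL tends to land in access logs. The enclosing function continues outside the hunk.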