From 342683adebaa006298b709bdc2dc96756d37e86c Mon Sep 17 00:00:00 2001
From: Viktor Geringer <devfakeplus@googlemail.com>
Date: Tue, 11 Apr 2017 11:28:58 +0200
Subject: [PATCH] disable csrf (#68)

---
 backend/app/Http/Kernel.php | 2 +-
 backend/routes/web.php      | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/backend/app/Http/Kernel.php b/backend/app/Http/Kernel.php
index 741663a..338aa94 100644
--- a/backend/app/Http/Kernel.php
+++ b/backend/app/Http/Kernel.php
@@ -28,7 +28,6 @@ class Kernel extends HttpKernel
             \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
             \Illuminate\Session\Middleware\StartSession::class,
             \Illuminate\View\Middleware\ShareErrorsFromSession::class,
-            \App\Http\Middleware\VerifyCsrfToken::class,
             \Illuminate\Routing\Middleware\SubstituteBindings::class,
         ],
 
@@ -52,5 +51,6 @@ class Kernel extends HttpKernel
         'can' => \Illuminate\Auth\Middleware\Authorize::class,
         'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
         'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
+        'csrf' => \App\Http\Middleware\VerifyCsrfToken::class,
     ];
 }
diff --git a/backend/routes/web.php b/backend/routes/web.php
index b4b9152..da9d113 100644
--- a/backend/routes/web.php
+++ b/backend/routes/web.php
@@ -19,7 +19,7 @@
 
     Route::group(['middleware' => 'auth'], function() {
       Route::get('/export', 'ExportImportController@export');
-      Route::post('/import', 'ExportImportController@import');
+      Route::post('/import', 'ExportImportController@import')->middleware('csrf');
 
       Route::get('/check-update', 'SettingController@checkForUpdate');
       Route::get('/version', 'SettingController@getVersion');
@@ -31,10 +31,10 @@
       Route::patch('/toggle-episode/{id}', 'ItemController@toggleEpisode');
       Route::patch('/toggle-season', 'ItemController@toggleSeason');
       Route::patch('/change-rating/{itemId}', 'ItemController@changeRating');
-      Route::delete('/remove/{itemId}', 'ItemController@remove');
+      Route::delete('/remove/{itemId}', 'ItemController@remove')->middleware('csrf');
 
       Route::get('/userdata', 'UserController@getUserData');
-      Route::patch('/userdata', 'UserController@changeUserData');
+      Route::patch('/userdata', 'UserController@changeUserData')->middleware('csrf');
 
       Route::get('/search-tmdb', 'TMDBController@search');