From c83c706a320e5315c3a4b901838f0e84df1dad53 Mon Sep 17 00:00:00 2001
From: Arthur Lu <root@tronnet.net>
Date: Thu, 15 Dec 2022 23:44:48 -0800
Subject: [PATCH] put CSRF only for POST

---
 scripts/utils.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/utils.js b/scripts/utils.js
index 428fff5..d61b72d 100644
--- a/scripts/utils.js
+++ b/scripts/utils.js
@@ -54,10 +54,10 @@ export async function request (path, method, body = null, auth = true) {
 	}
 	if(method === "POST") {
 		content.body = prms.toString();
+		content.headers.CSRFPreventionToken = getCookie("CSRFPreventionToken");
 	}
 	if(auth) {
 		content.headers.Cookie = document.cookie;
-		content.headers.CSRFPreventionToken = getCookie("CSRFPreventionToken");
 	}
 
 	let response = await fetch(`https://pve.tronnet.net/api2/json${path}`, content)