Use POST for geocoder backends

The geocoder backend calls are a private implementation detail,
and using POST enables request forgery (CSRF) checks and makes
scraping of Nominatim via the backend calls harder.
Tom Hughes 2023-03-07 17:24:48 +00:00
parent 2e5e2bc263
commit 8919c8c404
3 changed files with 40 additions and 36 deletions


@ -129,17 +129,21 @@ OSM.Search = function (map) {
page.load = function () {
$(".search_results_entry").each(function (index) {
var entry = $(this);
var entry = $(this),
csrf_param = $("meta[name=csrf-param]").attr("content"),
csrf_token = $("meta[name=csrf-token]").attr("content"),
params = {
zoom: map.getZoom(),
minlon: map.getBounds().getWest(),
minlat: map.getBounds().getSouth(),
maxlon: map.getBounds().getEast(),
maxlat: map.getBounds().getNorth()
};
params[csrf_param] = csrf_token;
$.ajax({
url: entry.data("href"),
method: "GET",
data: {
zoom: map.getZoom(),
minlon: map.getBounds().getWest(),
minlat: map.getBounds().getSouth(),
maxlon: map.getBounds().getEast(),
maxlat: map.getBounds().getNorth()
},
method: "POST",
data: params,
success: function (html) {
entry.html(html);
// go to first result of first geocoder