From 43506f14794eb130c2ce4588ff7d329e76f20a7e Mon Sep 17 00:00:00 2001
From: Thomas Lynch
Date: Thu, 10 Mar 2022 20:56:47 +1100
Subject: [PATCH] remove unnecessary csrf middleware from mypermissions pages (they dont call req.csrfToken(), there arent any forms on the pages)

---
 controllers/pages.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/controllers/pages.js b/controllers/pages.js
index 0b75f092..52d365c5 100644
--- a/controllers/pages.js
+++ b/controllers/pages.js
@@ -65,7 +65,7 @@ hasPerms.one(Permissions.MANAGE_BOARD_GENERAL), csrf, manageReports);
 router.get('/:board/manage/recent.(html|json)', useSession, sessionRefresh, isLoggedIn, Boards.exists, calcPerms,
 hasPerms.one(Permissions.MANAGE_BOARD_GENERAL), csrf, manageRecent);
 router.get('/:board/manage/mypermissions.html', useSession, sessionRefresh, isLoggedIn, Boards.exists, calcPerms,
-hasPerms.one(Permissions.MANAGE_BOARD_GENERAL), csrf, manageMyPermissions);
+hasPerms.one(Permissions.MANAGE_BOARD_GENERAL), manageMyPermissions);
 router.get('/:board/manage/logs.html', useSession, sessionRefresh, isLoggedIn, Boards.exists, calcPerms,
 hasPerms.one(Permissions.MANAGE_BOARD_LOGS), csrf, manageLogs);
 router.get('/:board/manage/bans.html', useSession, sessionRefresh, isLoggedIn, Boards.exists, calcPerms,
@@ -118,7 +118,7 @@ router.get('/bypass_minimal.html', setMinimal, blockBypass); //block bypass page
 
 //accounts
 router.get('/account.html', useSession, sessionRefresh, isLoggedIn, calcPerms, csrf, account); //page showing boards you are mod/owner of, links to password rese, logout, etc
-router.get('/mypermissions.html', useSession, sessionRefresh, isLoggedIn, calcPerms, csrf, myPermissions);
+router.get('/mypermissions.html', useSession, sessionRefresh, isLoggedIn, calcPerms, myPermissions);
 router.get('/login.html', login);
 router.get('/register.html', register);
 router.get('/changepassword.html', changePassword);
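Review bot: The `/:board/manage/mypermissions.html` route now differs from the neighbouring manage routes, which still pass `csrf`, and nothing on the new line records why; the same applies to `/mypermissions.html` in the second hunk. The removal is safe only while both handlers stay read-only and their templates never render a token, which the commit message states but these hunks cannot confirm because `manageMyPermissions` and `myPermissions` are defined elsewhere. A trailing comment such as `//no csrf: GET-only page, no forms, never calls req.csrfToken()` on each route would keep a later editor from copying the line for a page that does contain a form. It is also worth confirming that any shared layout or include rendered by these two pages does not expect a token in the render locals.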