update csrf

contrib/static/mod.js

@@ -165,7 +165,11 @@ function nntpchan_mod(mod_action, result_elem) {
     elem.removeChild(elem.firstChild);
   }
 
-
+  var csrf_ajax = new XMLHttpRequest();
+  csrf_ajax.onreadystatechange = function() {
+    if (csrf_ajax.readyState == XMLHttpRequest.DONE) {
+      // get csrf token
+      var csrf = csrf_ajax.getResponseHeader("X-CSRF-Token");
       // fire off ajax
       var ajax = new XMLHttpRequest();
       ajax.onreadystatechange = function() {
@@ -198,6 +202,7 @@ function nntpchan_mod(mod_action, result_elem) {
           }
         }
       }
+      ajax.setRequestHeader("X-CSRF-Token", csrf);
       if (mod_action.name) {
         var url = mod_action.name + "/" + target;
         ajax.open(mod_action.method || "GET", url);
@@ -212,3 +217,7 @@ function nntpchan_mod(mod_action, result_elem) {
         alert("mod action has no name");
       }
     }
+  }
+  csrf_ajax.open("");
+  csrf_ajax.send();
+}