From b1068e5dec8fcd8d2e5961f685b2478e347a59f3 Mon Sep 17 00:00:00 2001
From: M Fahru <m.fahru@overleaf.com>
Date: Tue, 27 Dec 2022 13:04:32 -0700
Subject: [PATCH] Add _csrf to request body

GitOrigin-RevId: 87b5a7299fbb795618143421df79375b41f8f921
---
 .../frontend/js/features/editor-left-menu/utils/api.ts | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/services/web/frontend/js/features/editor-left-menu/utils/api.ts b/services/web/frontend/js/features/editor-left-menu/utils/api.ts
index d4d59c32b8..c15f27ed8b 100644
--- a/services/web/frontend/js/features/editor-left-menu/utils/api.ts
+++ b/services/web/frontend/js/features/editor-left-menu/utils/api.ts
@@ -25,7 +25,10 @@ export type UserSettingsScope = {
 
 export function saveUserSettings(data: Partial<UserSettingsScope>) {
   postJSON('/user/settings', {
-    body: data,
+    body: {
+      _csrf: window.csrfToken,
+      ...data,
+    },
   })
 }
 
@@ -41,6 +44,9 @@ export const saveProjectSettings = async (
   data: Partial<ProjectSettingsScope>
 ) => {
   await postJSON<never>(`/project/${projectId}/settings`, {
-    body: data,
+    body: {
+      _csrf: window.csrfToken,
+      ...data,
+    },
   })
 }