From fbfb7b3b306d48ba9e7c09b7218af7354c58a3d1 Mon Sep 17 00:00:00 2001
From: zadam <zadam.apps@gmail.com>
Date: Sun, 2 Jun 2019 13:47:59 +0200
Subject: [PATCH] sync endpoints should not set csrf cookie, #541

---
 src/routes/routes.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/routes/routes.js b/src/routes/routes.js
index 0aaf2b9d1..d4f444174 100644
--- a/src/routes/routes.js
+++ b/src/routes/routes.js
@@ -172,11 +172,11 @@ function register(app) {
     apiRoute(POST, '/api/password/change', passwordApiRoute.changePassword);
 
     apiRoute(POST, '/api/sync/test', syncApiRoute.testSync);
-    apiRoute(GET, '/api/sync/check', syncApiRoute.checkSync);
     apiRoute(POST, '/api/sync/now', syncApiRoute.syncNow);
     apiRoute(POST, '/api/sync/fill-sync-rows', syncApiRoute.fillSyncRows);
     apiRoute(POST, '/api/sync/force-full-sync', syncApiRoute.forceFullSync);
     apiRoute(POST, '/api/sync/force-note-sync/:noteId', syncApiRoute.forceNoteSync);
+    route(GET, '/api/sync/check', [auth.checkApiAuth], syncApiRoute.checkSync, apiResultHandler);
     route(GET, '/api/sync/changed', [auth.checkApiAuth], syncApiRoute.getChanged, apiResultHandler);
     route(PUT, '/api/sync/update', [auth.checkApiAuth], syncApiRoute.update, apiResultHandler);
     route(POST, '/api/sync/finished', [auth.checkApiAuth], syncApiRoute.syncFinished, apiResultHandler);