From ca1418fc0135d52a009ab218d6e24187fb355a3c Mon Sep 17 00:00:00 2001
From: Adam Mathes <adam@adammathes.com>
Date: Sat, 14 Feb 2026 09:09:10 -0800
Subject: security: implement CSRF protection and improve session cookie
 security (fixing NK-gfh33y)

---
 frontend/src/components/Settings.tsx | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'frontend/src/components/Settings.tsx')

diff --git a/frontend/src/components/Settings.tsx b/frontend/src/components/Settings.tsx
index b4f6a3b..3f508e9 100644
--- a/frontend/src/components/Settings.tsx
+++ b/frontend/src/components/Settings.tsx
@@ -1,6 +1,7 @@
 import React, { useEffect, useState } from 'react';
 import type { Feed } from '../types';
 import './Settings.css';
+import { apiFetch } from '../utils';
 
 export default function Settings() {
   const [feeds, setFeeds] = useState<Feed[]>([]);
@@ -10,7 +11,7 @@ export default function Settings() {
 
   const fetchFeeds = () => {
     setLoading(true);
-    fetch('/api/feed/')
+    apiFetch('/api/feed/')
       .then((res) => {
         if (!res.ok) throw new Error('Failed to fetch feeds');
         return res.json();
@@ -36,7 +37,7 @@ export default function Settings() {
     if (!newFeedUrl) return;
 
     setLoading(true);
-    fetch('/api/feed/', {
+    apiFetch('/api/feed/', {
       method: 'POST',
       headers: { 'Content-Type': 'application/json' },
       body: JSON.stringify({ url: newFeedUrl }),
@@ -59,7 +60,7 @@ export default function Settings() {
     if (!globalThis.confirm('Are you sure you want to delete this feed?')) return;
 
     setLoading(true);
-    fetch(`/api/feed/${id}`, {
+    apiFetch(`/api/feed/${id}`, {
       method: 'DELETE',
     })
       .then((res) => {
-- 
cgit v1.2.3