X-Git-Url: https://git.auder.net/?p=vchess.git;a=blobdiff_plain;f=server%2Froutes%2Fusers.js;h=2b38c37faa8782c3af53fab90a78ba72150185f5;hp=11966754573d0687f6753fbcf51dbb88c54c940c;hb=e57c4de4148d43e7635e09adcde4e56585aea303;hpb=e01e086d96f3c0f04761d269e6a34ba0b6014a56

diff --git a/server/routes/users.js b/server/routes/users.js
index 11966754..2b38c37f 100644
--- a/server/routes/users.js
+++ b/server/routes/users.js
@@ -34,7 +34,7 @@ router.post('/register', access.unlogged, access.ajax, (req,res) => {
 });
 
 // NOTE: this method is safe because the sessionToken must be guessed
-router.get("/whoami", (req,res) => {
+router.get("/whoami", access.ajax, (req,res) => {
   const callback = (user) => {
     res.json({
       name: user.name,