admin: avoid CSRF: use POST instead of GET, mainly for synchronisation methods

admin/static/js/app.js

@@ -616,7 +616,7 @@ angular.module("FICApp")
 	    $scope.inSync = true;
 	    $http({
 		url: "/api/sync/themes",
-		method: "GET"
+		method: "POST"
 	    }).then(function(response) {
 		$scope.inSync = false;
 		$scope.themes = Theme.query();
@@ -651,7 +651,7 @@ angular.module("FICApp")
 	    $scope.inSync = true;
 	    $http({
 		url: "/api/sync/themes/" + $scope.theme.id + "/exercices",
-		method: "GET"
+		method: "POST"
 	    }).then(function(response) {
 		$scope.inSync = false;
 		$scope.theme = Theme.get({ themeId: $routeParams.themeId });
@@ -760,7 +760,7 @@ angular.module("FICApp")
 	    $scope.inSync = true;
 	    $http({
 		url: "/api/sync/exercices/" + $routeParams.exerciceId + "/files",
-		method: "GET"
+		method: "POST"
 	    }).then(function(response) {
 		$scope.inSync = false;
 		$scope.files = ExerciceFile.query({ exerciceId: $routeParams.exerciceId });
@@ -798,7 +798,7 @@ angular.module("FICApp")
 	    $scope.inSync = true;
 	    $http({
 		url: "/api/sync/exercices/" + $routeParams.exerciceId + "/hints",
-		method: "GET"
+		method: "POST"
 	    }).then(function(response) {
 		$scope.inSync = false;
 		$scope.hints = ExerciceHint.query({ exerciceId: $routeParams.exerciceId });
@@ -836,7 +836,7 @@ angular.module("FICApp")
 	    $scope.inSync = true;
 	    $http({
 		url: "/api/sync/exercices/" + $routeParams.exerciceId + "/keys",
-		method: "GET"
+		method: "POST"
 	    }).then(function(response) {
 		$scope.inSync = false;
 		$scope.keys = ExerciceKey.query({ exerciceId: $routeParams.exerciceId });
@@ -900,7 +900,7 @@ angular.module("FICApp")
 	$scope.generateCertificate = function() {
 	    $http({
 		url: "/api/teams/" + Math.floor($routeParams.teamId) + "/certificate/generate",
-		method: "GET",
+		method: "POST",
 		transformResponse: null
 	    }).then(function(response) {
 		$scope.hasCertificate = true;