endorse () {
        var req = new XMLHttpRequest();
        req.open('POST', '/protected/endorse', true);
        req.setRequestHeader('Content-type', 'application/json');
        req.setRequestHeader('x-access-token', localStorage.getItem("loginToken"));