frodovdr
/
raspap-webgui
mirror of https://github.com/billz/raspap-webgui.git
1
0
Fork 0
Code Issues Releases Wiki Activity

send proper csrf header

This commit is contained in:
glaszig 2019-08-07 23:53:04 +02:00
parent 1fddad190f
commit 56097d5629
3 changed files with 1 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
includes/csrf.php
View File

@ -6,6 +6,3 @@ include_once('session.php');
if (csrfValidateRequest() && !CSRFValidate()) { if (csrfValidateRequest() && !CSRFValidate()) {
handleInvalidCSRFToken(); handleInvalidCSRFToken();
} }
ensureCSRFSessionToken();
header('X-CSRF-Token', $_SESSION['csrf_token']);

1
index.php
View File

@ -19,6 +19,7 @@
*/ */
require('includes/csrf.php'); require('includes/csrf.php');
ensureCSRFSessionToken();
include_once('includes/config.php'); include_once('includes/config.php');
include_once(RASPI_CONFIG.'/raspap.php'); include_once(RASPI_CONFIG.'/raspap.php');

9
js/custom.js
View File

@ -167,14 +167,6 @@ function setCSRFTokenHeader(event, xhr, settings) {
} }
} }
function updateCSRFTokens(event, xhr, settings) {
var newToken = xhr.getResponseHeader("X-CSRF-Token");
if (newToken) {
$('meta[name=csrf_token]').attr('content', newToken);
$('[name=csrf_token]:input').attr('value', newToken);
}
}
function contentLoaded() { function contentLoaded() {
pageCurrent = window.location.href.split("?")[1].split("=")[1]; pageCurrent = window.location.href.split("?")[1].split("=")[1];
pageCurrent = pageCurrent.replace("#",""); pageCurrent = pageCurrent.replace("#","");
@ -190,5 +182,4 @@ function contentLoaded() {
$(document) $(document)
.ajaxSend(setCSRFTokenHeader) .ajaxSend(setCSRFTokenHeader)
.ajaxComplete(updateCSRFTokens)
.ready(contentLoaded); .ready(contentLoaded);