mirror of
https://github.com/billz/raspap-webgui.git
synced 2023-10-10 13:37:24 +02:00
send proper csrf header
parent
1fddad190f
commit
56097d5629
@ -6,6 +6,3 @@ include_once('session.php');
|
|||||||
if (csrfValidateRequest() && !CSRFValidate()) {
|
if (csrfValidateRequest() && !CSRFValidate()) {
|
||||||
handleInvalidCSRFToken();
|
handleInvalidCSRFToken();
|
||||||
}
|
}
|
||||||
|
|
||||||
ensureCSRFSessionToken();
|
|
||||||
header('X-CSRF-Token', $_SESSION['csrf_token']);
|
|
||||||
|
@ -19,6 +19,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
require('includes/csrf.php');
|
require('includes/csrf.php');
|
||||||
|
ensureCSRFSessionToken();
|
||||||
|
|
||||||
include_once('includes/config.php');
|
include_once('includes/config.php');
|
||||||
include_once(RASPI_CONFIG.'/raspap.php');
|
include_once(RASPI_CONFIG.'/raspap.php');
|
||||||
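Review bot: The `ensureCSRFSessionToken();` call added after `require('includes/csrf.php');` makes this entry point the only place in the visible hunks where the session token is created, while the first hunk removes the same call from the file that runs `csrfValidateRequest()` / `CSRFValidate()` on include. Any other script that includes that file now appears to depend on this page having been loaded earlier in the session. `CSRFValidate()` is not shown here, so it is worth confirming that it fails closed when `$_SESSION['csrf_token']` is unset or empty, and that it compares tokens with `hash_equals()` rather than `==`. I would also add a comment above the new call: `// CSRF token is created only here; CSRFValidate() must reject requests when the session token is missing`.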
|
@ -167,14 +167,6 @@ function setCSRFTokenHeader(event, xhr, settings) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
function updateCSRFTokens(event, xhr, settings) {
|
|
||||||
var newToken = xhr.getResponseHeader("X-CSRF-Token");
|
|
||||||
if (newToken) {
|
|
||||||
$('meta[name=csrf_token]').attr('content', newToken);
|
|
||||||
$('[name=csrf_token]:input').attr('value', newToken);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
function contentLoaded() {
|
function contentLoaded() {
|
||||||
pageCurrent = window.location.href.split("?")[1].split("=")[1];
|
pageCurrent = window.location.href.split("?")[1].split("=")[1];
|
||||||
pageCurrent = pageCurrent.replace("#","");
|
pageCurrent = pageCurrent.replace("#","");
|
||||||
@ -190,5 +182,4 @@ function contentLoaded() {
|
|||||||
|
|
||||||
$(document)
|
$(document)
|
||||||
.ajaxSend(setCSRFTokenHeader)
|
.ajaxSend(setCSRFTokenHeader)
|
||||||
.ajaxComplete(updateCSRFTokens)
|
|
||||||
.ready(contentLoaded);
|
.ready(contentLoaded);
|
||||||
|