frodovdr/raspap-webgui
1
0
Fork 0
mirror of https://github.com/billz/raspap-webgui.git synced 2025-03-01 10:31:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

send CSRF token in a response header,

Browse Source 
update the page's CSRF tokens with the new token
from the response header,
verify csrf token in ajax endpoints,
initialize a session for every endpoint
This commit is contained in:
glaszig
2019-08-06 21:34:58 +02:00
parent 8f3489cd4a
commit da69d3d768
11 changed files with 48 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ajax/bandwidth/get_bandwidth.php
View File

@@ -1,8 +1,10 @@
<?php
require('includes/csrf.php');
require_once '../../includes/config.php';
require_once RASPI_CONFIG.'/raspap.php';
session_start();
header('X-Frame-Options: DENY');
header("Content-Security-Policy: default-src 'none'; connect-src 'self'");
require_once '../../includes/authenticate.php';