frodovdr/raspap-webgui
1
0
Fork 0
mirror of https://github.com/billz/raspap-webgui.git synced 2025-03-01 10:31:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

send CSRF token in a response header,

Browse Source 
update the page's CSRF tokens with the new token
from the response header,
verify csrf token in ajax endpoints,
initialize a session for every endpoint
This commit is contained in:
glaszig
2019-08-06 21:34:58 +02:00
parent 8f3489cd4a
commit da69d3d768
11 changed files with 48 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ajax/bandwidth/get_bandwidth_hourly.php
View File

@@ -1,4 +1,7 @@
<?php
require('includes/csrf.php');
if (filter_input(INPUT_GET, 'tu') == 'h') {
header('X-Content-Type-Options: nosniff');