7959196b0073
Commit
1c1ce06f
authored
Jul 30, 2021
by
Simon Chabot
fix(csrf): give CSRF token when using /ajax route
--HG-- branch : 3.32
parent
4243e256adc7
Changes
1
cubicweb/web/data/cubicweb.ajax.js
...
...
@@ -17,6 +17,24 @@
* with CubicWeb. If not, see <https://www.gnu.org/licenses/>.
*/
function
getCookie
(
name
)
{
let
cookieValue
=
null
;
if
(
document
.
cookie
&&
document
.
cookie
!==
''
)
{
const
cookies
=
document
.
cookie
.
split
(
'
;
'
);
for
(
let
i
=
0
;
i
<
cookies
.
length
;
i
++
)
{
const
cookie
=
cookies
[
i
].
trim
();
// Does this cookie string begin with the name we want?
if
(
cookie
.
substring
(
0
,
name
.
length
+
1
)
===
(
name
+
'
=
'
))
{
cookieValue
=
decodeURIComponent
(
cookie
.
substring
(
name
.
length
+
1
));
break
;
}
}
}
return
cookieValue
;
}
const
CSRF_TOKEN
=
getCookie
(
'
csrf_token
'
);
/**
* .. function:: Deferred
*
...
...
@@ -378,6 +396,7 @@ function loadRemote(url, form, reqtype, sync) {
type
:
(
reqtype
||
'
POST
'
).
toUpperCase
(),
data
:
form
,
traditional
:
true
,
headers
:
{
'
X-CSRF-Token
'
:
CSRF_TOKEN
},
async
:
true
,
beforeSend
:
function
(
xhr
)
{
...
...
@@ -415,6 +434,7 @@ function loadRemote(url, form, reqtype, sync) {
data
:
form
,
traditional
:
true
,
async
:
false
,
headers
:
{
'
X-CSRF-Token
'
:
CSRF_TOKEN
},
success
:
function
(
res
)
{
result
=
res
;
}
...
...
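Review bot: `CSRF_TOKEN` is read from `document.cookie` once, when cubicweb.ajax.js is evaluated, so both `headers` entries added to loadRemote send whatever value existed at load time. If the `csrf_token` cookie is set or rotated later (for example after login), requests would carry a stale token, and if the cookie was absent the constant is `null`, which would probably go out as a literal header value rather than being omitted. Reading it per request, `headers: {'X-CSRF-Token': getCookie('csrf_token')}`, avoids both. It is also worth confirming that `url` is always same-origin, because the header is attached unconditionally and the token should not be sent to another host; loadRemote's body starts and ends outside the hunks shown.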