Commit 1c1ce06f authored by Simon Chabot's avatar Simon Chabot

fix(csrf): give CSRF token when using /ajax route

--HG--
branch : 3.32
parent 4243e256adc7
......@@ -17,6 +17,24 @@
* with CubicWeb. If not, see <https://www.gnu.org/licenses/>.
*/
function getCookie(name) {
let cookieValue = null;
if (document.cookie && document.cookie !== '') {
const cookies = document.cookie.split(';');
for (let i = 0; i < cookies.length; i++) {
const cookie = cookies[i].trim();
// Does this cookie string begin with the name we want?
if (cookie.substring(0, name.length + 1) === (name + '=')) {
cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
break;
}
}
}
return cookieValue;
}
const CSRF_TOKEN = getCookie('csrf_token');
/**
* .. function:: Deferred
*
......@@ -378,6 +396,7 @@ function loadRemote(url, form, reqtype, sync) {
type: (reqtype || 'POST').toUpperCase(),
data: form,
traditional: true,
headers: { 'X-CSRF-Token': CSRF_TOKEN },
async: true,
beforeSend: function(xhr) {
......@@ -415,6 +434,7 @@ function loadRemote(url, form, reqtype, sync) {
data: form,
traditional: true,
async: false,
headers: { 'X-CSRF-Token': CSRF_TOKEN },
success: function(res) {
result = res;
}
......
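Review bot: `const CSRF_TOKEN = getCookie('csrf_token');` reads the cookie once at script load, so both `headers: { 'X-CSRF-Token': CSRF_TOKEN }` lines in loadRemote keep sending that value even if the server sets or rotates the cookie later (for example after login). If the cookie is absent at load time the header value is `null`, which the XHR layer will most likely serialise as the string "null" rather than omit. Reading the token per request avoids both problems: `headers: { 'X-CSRF-Token': getCookie('csrf_token') }`, ideally added only when a token was actually found. The header is also attached for whatever `url` the caller passes; if loadRemote can receive a cross-origin URL (not visible from these hunks), the token would be disclosed to that origin, so limiting it to same-origin requests is worth considering. loadRemote's body starts and ends outside the hunks.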