SECURITY: correct our CSRF implementation to be much more aggressive

Sam
2013-07-29 15:13:13 +10:00
parent 4a20d09523
commit aa6c92922d
8 changed files with 58 additions and 7 deletions


@ -132,8 +132,11 @@ Discourse = Ember.Application.createWithMixins(Discourse.Ajax, {
// Add a CSRF token to all AJAX requests
var csrfToken = $('meta[name=csrf-token]').attr('content');
$.ajaxPrefilter(function(options, originalOptions, xhr) {
if (!options.crossDomain) {
// This may be delay set
csrfToken = csrfToken || $('meta[name=csrf-token]').attr('content');
xhr.setRequestHeader('X-CSRF-Token', csrfToken);
}
});