Require CSRF token for non WebDAV authenticated requests

author: Lukas Reschke <lukas@owncloud.com> 2016-02-16 13:16:52 +0100
committer: Lukas Reschke <lukas@owncloud.com> 2016-02-18 11:18:36 +0100
commit: 9b3c4e8dc453a674c0f1aee8c60e9d7f24b34e49 (patch)
tree: f8596a0490e5fa72a382233d9ed72606fc79e669 /core/js/files
parent: 3a97a0ad7fa14b803c2ecb55faf24607011eae6e (diff)
download: nextcloud-server-9b3c4e8dc453a674c0f1aee8c60e9d7f24b34e49.tar.gz
nextcloud-server-9b3c4e8dc453a674c0f1aee8c60e9d7f24b34e49.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/core/js/files/client.js b/core/js/files/client.js
index a7f393d325f..0bf5a69e19c 100644
--- a/core/js/files/client.js
+++ b/core/js/files/client.js
@@ -37,7 +37,10 @@
 		}
 
 		url += options.host + this._root;
-		this._defaultHeaders = options.defaultHeaders || {'X-Requested-With': 'XMLHttpRequest'};
+		this._defaultHeaders = options.defaultHeaders || {
+				'X-Requested-With': 'XMLHttpRequest',
+				'requesttoken': OC.requestToken
+			};
 		this._baseUrl = url;
 
 		var clientOptions = {
author	Lukas Reschke <lukas@owncloud.com>	2016-02-16 13:16:52 +0100
committer	Lukas Reschke <lukas@owncloud.com>	2016-02-18 11:18:36 +0100
commit	9b3c4e8dc453a674c0f1aee8c60e9d7f24b34e49 (patch)
tree	f8596a0490e5fa72a382233d9ed72606fc79e669 /core/js/files
parent	3a97a0ad7fa14b803c2ecb55faf24607011eae6e (diff)
download	nextcloud-server-9b3c4e8dc453a674c0f1aee8c60e9d7f24b34e49.tar.gz nextcloud-server-9b3c4e8dc453a674c0f1aee8c60e9d7f24b34e49.zip