Require CSRF token for non WebDAV authenticated requests

author: Lukas Reschke <lukas@owncloud.com> 2016-02-16 13:16:52 +0100
committer: Lukas Reschke <lukas@owncloud.com> 2016-02-18 11:18:36 +0100
commit: 9b3c4e8dc453a674c0f1aee8c60e9d7f24b34e49 (patch)
tree: f8596a0490e5fa72a382233d9ed72606fc79e669 /core/js/oc-backbone-webdav.js
parent: 3a97a0ad7fa14b803c2ecb55faf24607011eae6e (diff)
download: nextcloud-server-9b3c4e8dc453a674c0f1aee8c60e9d7f24b34e49.tar.gz
nextcloud-server-9b3c4e8dc453a674c0f1aee8c60e9d7f24b34e49.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/core/js/oc-backbone-webdav.js b/core/js/oc-backbone-webdav.js
index ba678a32fcf..1c1b5c71d81 100644
--- a/core/js/oc-backbone-webdav.js
+++ b/core/js/oc-backbone-webdav.js
@@ -240,7 +240,8 @@
 			return options.url;
 		};
 		var headers = _.extend({
-			'X-Requested-With': 'XMLHttpRequest'
+			'X-Requested-With': 'XMLHttpRequest',
+			'requesttoken': OC.requestToken
 		}, options.headers);
 		if (options.type === 'PROPFIND') {
 			return callPropFind(client, options, model, headers);
author	Lukas Reschke <lukas@owncloud.com>	2016-02-16 13:16:52 +0100
committer	Lukas Reschke <lukas@owncloud.com>	2016-02-18 11:18:36 +0100
commit	9b3c4e8dc453a674c0f1aee8c60e9d7f24b34e49 (patch)
tree	f8596a0490e5fa72a382233d9ed72606fc79e669 /core/js/oc-backbone-webdav.js
parent	3a97a0ad7fa14b803c2ecb55faf24607011eae6e (diff)
download	nextcloud-server-9b3c4e8dc453a674c0f1aee8c60e9d7f24b34e49.tar.gz nextcloud-server-9b3c4e8dc453a674c0f1aee8c60e9d7f24b34e49.zip