CSRF protection for eventsource

author: Robin Appelman <icewind@owncloud.com> 2012-07-22 16:36:09 +0200
committer: Robin Appelman <icewind@owncloud.com> 2012-07-22 16:37:49 +0200
commit: b1010160b363223c1e1c1cc7137dfb8e9aa3ab5b (patch)
tree: 708e1ea6d1f19c5d5b961a81fa9a28ef03e6c534 /core/js
parent: a49c07cf88f5093ab9a5af15384296aa2acbcd6d (diff)
download: nextcloud-server-b1010160b363223c1e1c1cc7137dfb8e9aa3ab5b.tar.gz
nextcloud-server-b1010160b363223c1e1c1cc7137dfb8e9aa3ab5b.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/core/js/eventsource.js b/core/js/eventsource.js
index 08259e02cae..e3ad7e3a671 100644
--- a/core/js/eventsource.js
+++ b/core/js/eventsource.js
@@ -40,6 +40,7 @@ OC.EventSource=function(src,data){
 			dataStr+=name+'='+encodeURIComponent(data[name])+'&';
 		}
 	}
+	dataStr+='requesttoken='+OC.EventSource.requesttoken;
 	if(!this.useFallBack && typeof EventSource !='undefined'){
 		this.source=new EventSource(src+'?'+dataStr);
 		this.source.onmessage=function(e){
author	Robin Appelman <icewind@owncloud.com>	2012-07-22 16:36:09 +0200
committer	Robin Appelman <icewind@owncloud.com>	2012-07-22 16:37:49 +0200
commit	b1010160b363223c1e1c1cc7137dfb8e9aa3ab5b (patch)
tree	708e1ea6d1f19c5d5b961a81fa9a28ef03e6c534 /core/js
parent	a49c07cf88f5093ab9a5af15384296aa2acbcd6d (diff)
download	nextcloud-server-b1010160b363223c1e1c1cc7137dfb8e9aa3ab5b.tar.gz nextcloud-server-b1010160b363223c1e1c1cc7137dfb8e9aa3ab5b.zip