author | Christian Reiner <arkascha@balder.site> | 2012-09-28 13:30:44 +0200 |
---|---|---|
committer | Christian Reiner <arkascha@balder.site> | 2012-09-28 13:30:44 +0200 |
commit | 743826bbf34b82b92371cf7e9b0478897188c046 (patch) | |
tree | 4bef4f89d23e82698e3a2bdca39841e1ce3e737a /core/templates/layout.user.php | |
parent | a7292e897a70a2f7e79f61396d4888cb694f0860 (diff) | |
Reimplementation of CSRF protection including autorefresh
Diffstat (limited to 'core/templates/layout.user.php')
-rw-r--r-- | core/templates/layout.user.php | 9 |
1 files changed, 2 insertions, 7 deletions
diff --git a/core/templates/layout.user.php b/core/templates/layout.user.php
index 679be2657d4..25af64c8d57 100644
--- a/core/templates/layout.user.php
+++ b/core/templates/layout.user.php
@@ -11,6 +11,8 @@
 var oc_webroot = '<?php echo OC::$WEBROOT; ?>';
 var oc_appswebroots = <?php echo $_['apps_paths'] ?>;
 var oc_current_user = '<?php echo OC_User::getUser() ?>';
+ var oc_requesttoken = '<?php echo OC_Util::callRegister(); ?>';
+ var oc_requestlifespan = '<?php echo OC_Util::$callLifespan; ?>';
 </script>
 <?php foreach($_['jsfiles'] as $jsfile): ?>
 <script type="text/javascript" src="<?php echo $jsfile; ?>"></script>
@@ -24,13 +26,6 @@
 echo '/>';
 ?>
 <?php endforeach; ?>
- <script type="text/javascript">
- requesttoken = '<?php echo $_['requesttoken']; ?>';
- OC.EventSource.requesttoken=requesttoken;
- $(document).bind('ajaxSend', function(elm, xhr, s) {
- xhr.setRequestHeader('requesttoken', requesttoken);
- });
- </script>
 </head>
 <body id="<?php echo $_['bodyid'];?>"> |
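Review bot: In the first hunk, `oc_requesttoken` and `oc_requestlifespan` are written into single-quoted JavaScript literals with a bare `echo`, so the page relies on `OC_Util::callRegister()` and `OC_Util::$callLifespan` never yielding a quote, backslash or `</script>`; neither definition is visible in this diff. Encoding for the script context removes that dependency: `var oc_requesttoken = <?php echo json_encode(OC_Util::callRegister(), JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP); ?>;` and, if the lifespan is an integer number of seconds as its name suggests, `var oc_requestlifespan = <?php echo (int) OC_Util::$callLifespan; ?>;`. The cast would also hand the lifespan to the refresh code as a number rather than a string. The second hunk removes the `ajaxSend` hook that attached the `requesttoken` header, and this view is limited to one file, so it is worth confirming that the accompanying script change sends `oc_requesttoken` on every state-changing request and on `OC.EventSource`. Both hunks sit inside the template's `<head>`, which begins outside the diff.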