CSRF protection for eventsource

author: Robin Appelman <icewind@owncloud.com> 2012-07-22 16:36:09 +0200
committer: Robin Appelman <icewind@owncloud.com> 2012-07-22 16:37:49 +0200
commit: b1010160b363223c1e1c1cc7137dfb8e9aa3ab5b (patch)
tree: 708e1ea6d1f19c5d5b961a81fa9a28ef03e6c534 /core/templates
parent: a49c07cf88f5093ab9a5af15384296aa2acbcd6d (diff)
download: nextcloud-server-b1010160b363223c1e1c1cc7137dfb8e9aa3ab5b.tar.gz
nextcloud-server-b1010160b363223c1e1c1cc7137dfb8e9aa3ab5b.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/core/templates/layout.user.php b/core/templates/layout.user.php
index 7e98fdedc2d..dc303ffc1a7 100644
--- a/core/templates/layout.user.php
+++ b/core/templates/layout.user.php
@@ -33,6 +33,7 @@
 		<script type="text/javascript">
 			$(function() {
 				requesttoken = '<?php echo $_['requesttoken']; ?>';
+				OC.EventSource.requesttoken=requesttoken;
 				$(document).bind('ajaxSend', function(elm, xhr, s){
 					if(requesttoken) {
 						xhr.setRequestHeader('requesttoken', requesttoken);
author	Robin Appelman <icewind@owncloud.com>	2012-07-22 16:36:09 +0200
committer	Robin Appelman <icewind@owncloud.com>	2012-07-22 16:37:49 +0200
commit	b1010160b363223c1e1c1cc7137dfb8e9aa3ab5b (patch)
tree	708e1ea6d1f19c5d5b961a81fa9a28ef03e6c534 /core/templates
parent	a49c07cf88f5093ab9a5af15384296aa2acbcd6d (diff)
download	nextcloud-server-b1010160b363223c1e1c1cc7137dfb8e9aa3ab5b.tar.gz nextcloud-server-b1010160b363223c1e1c1cc7137dfb8e9aa3ab5b.zip