author | Thomas Tanghus <thomas@tanghus.net> | 2012-06-13 17:33:19 +0200 |
---|---|---|
committer | Thomas Tanghus <thomas@tanghus.net> | 2012-06-13 17:33:19 +0200 |
commit | 89464721c7aa4464419cbcbedc658843f6c4696d (patch) | |
tree | a832cf7faa050440aaeb66c3df831d15d0da751a /core | |
parent | 9e9c40eabd07cc4b44f2a9ae3d7935ad2a07b9fa (diff) | |
Added JSON methods for CSRF prevention. Make request token accessible from template and add js var.
Diffstat (limited to 'core')
-rw-r--r-- | core/templates/layout.user.php | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/core/templates/layout.user.php b/core/templates/layout.user.php index e04fcabf137..6f9b02237c9 100644 --- a/core/templates/layout.user.php +++ b/core/templates/layout.user.php @@ -30,6 +30,16 @@ echo '/>'; ?> <?php endforeach; ?> + <script type="text/javascript"> + $(function() { + var requesttoken = '<?php echo $_['requesttoken']; ?>'; + $(document).bind('ajaxSend', function(elm, xhr, s){ + if(requesttoken) { + xhr.setRequestHeader('requesttoken', requesttoken); + } + }); + }); + </script> </head> <body id="<?php echo $_['bodyid'];?>"> |
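Review bot: The `ajaxSend` handler added to the `<head>` sets the `requesttoken` header on every jQuery request and never looks at the destination, so a request to another origin would carry the CSRF token too. Limiting it to same-origin calls keeps the token from leaving the site: `if(requesttoken && !s.crossDomain) {`. Separately, `$_['requesttoken']` is echoed straight into a single-quoted JavaScript string; the token's format is not visible in this hunk, so unless it is guaranteed to contain no quote, backslash or `</script>` sequence, encode it for the script context with `var requesttoken = <?php echo json_encode($_['requesttoken']); ?>;`. A short comment above the handler saying that the server-side JSON checks expect this header would help the next reader, since that validation code is outside this diff.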