diff options
| author | Ilia Motornyi <elmot@vaadin.com> | 2018-07-11 13:24:21 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-07-11 13:24:21 +0300 |
| commit | ceb9593f5d08814dd0dfe4d83030fc403078b5cd (patch) | |
| tree | e6fa02ea85f407cb8b6cf669f462b670b08809c2 /server | |
| parent | b7ac760a0c26d0edc7aa532281a9085766a99a3f (diff) | |
| download | vaadin-framework-ceb9593f5d08814dd0dfe4d83030fc403078b5cd.tar.gz vaadin-framework-ceb9593f5d08814dd0dfe4d83030fc403078b5cd.zip | |
Add xsrf token header if cookie is present (#11034)
Fixes #9471
Diffstat (limited to 'server')
| -rw-r--r-- | server/src/main/resources/VAADIN/vaadinBootstrap.js | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/server/src/main/resources/VAADIN/vaadinBootstrap.js b/server/src/main/resources/VAADIN/vaadinBootstrap.js index 7cf133ac56..a6830f434b 100644 --- a/server/src/main/resources/VAADIN/vaadinBootstrap.js +++ b/server/src/main/resources/VAADIN/vaadinBootstrap.js @@ -37,6 +37,11 @@ } }; + var getCookie = function (cname) { + var b = document.cookie.match('(^|;)\\s*' + cname + '\\s*=\\s*([^;]+)'); + return b ? b.pop() : ''; + }; + var isWidgetsetLoaded = function (widgetset) { var className = widgetset.replace(/\./g, "_"); return (typeof window[className]) != "undefined"; @@ -195,6 +200,12 @@ }; // send parameters as POST data r.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); + + var xsrfToken = getCookie("XSRF-TOKEN"); + if (xsrfToken && xsrfToken.length > 0) { + r.setRequestHeader("X-XSRF-TOKEN", xsrfToken); + } + r.send(params); log('sending request to ', url); |