From ceb9593f5d08814dd0dfe4d83030fc403078b5cd Mon Sep 17 00:00:00 2001
From: Ilia Motornyi <elmot@vaadin.com>
Date: Wed, 11 Jul 2018 13:24:21 +0300
Subject: Add xsrf token header if cookie is present (#11034)

Fixes #9471
---
 server/src/main/resources/VAADIN/vaadinBootstrap.js | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'server')

diff --git a/server/src/main/resources/VAADIN/vaadinBootstrap.js b/server/src/main/resources/VAADIN/vaadinBootstrap.js
index 7cf133ac56..a6830f434b 100644
--- a/server/src/main/resources/VAADIN/vaadinBootstrap.js
+++ b/server/src/main/resources/VAADIN/vaadinBootstrap.js
@@ -37,6 +37,11 @@
         }
     };
 
+    var getCookie = function (cname) {
+        var b = document.cookie.match('(^|;)\\s*' + cname + '\\s*=\\s*([^;]+)');
+        return b ? b.pop() : '';
+    };
+
     var isWidgetsetLoaded = function (widgetset) {
         var className = widgetset.replace(/\./g, "_");
         return (typeof window[className]) != "undefined";
@@ -195,6 +200,12 @@
                 };
                 // send parameters as POST data
                 r.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+
+                var xsrfToken = getCookie("XSRF-TOKEN");
+                if (xsrfToken && xsrfToken.length > 0) {
+                    r.setRequestHeader("X-XSRF-TOKEN", xsrfToken);
+                }
+
                 r.send(params);
 
                 log('sending request to ', url);
-- 
cgit v1.2.3