]> git.ipfire.org Git - pbs.git/commitdiff
projects / pbs.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e415710)
web: Send XSRF token with all ajax requests
authorMichael Tremer <michael.tremer@ipfire.org>
Fri, 19 May 2023 16:53:11 +0000 (16:53 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Fri, 19 May 2023 16:53:11 +0000 (16:53 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/static/js/pbs.js patch | blob | blame | history
src/templates/base.html patch | blob | blame | history
src/web/base.py patch | blob | blame | history

diff --git a/src/static/js/pbs.js b/src/static/js/pbs.js
index 5996a8b9e530212a18d4f48269ea98f12371711f..f368262e1bf20946d8b2b603e95347611cba35a3 100644 (file)
--- a/src/static/js/pbs.js
+++ b/src/static/js/pbs.js
@@ -4,6 +4,15 @@
        Custom JS
 */
 
+$(document).ready(function() {
+       // Send our XSRF token with all requests
+       $.ajaxSetup({
+               headers: {
+                       "X-Xsrftoken" : $("meta[name=xsrf-token]").attr("content"),
+               }
+       });
+});
+
 /*
        Navigation
 */
diff --git a/src/templates/base.html b/src/templates/base.html
index cc4a91852010da9a8486ad77cea89e197177f101..c4b6cb6c540256d8b9e800b2673062952a676122 100644 (file)
--- a/src/templates/base.html
+++ b/src/templates/base.html
@@ -4,11 +4,13 @@
                <meta charset="utf-8">
                <meta name="viewport" content="width=device-width, initial-scale=1">
                <meta name="description" content="{{ _("Pakfire Build Service") }}">
-               <meta name="author" content="IPFire.org - Pakfire Development Team" />
+               <meta name="author" content="IPFire.org - Pakfire Development Team">
+
+               <meta name="xsrf-token" content="{{ xsrf_token }}">
 
                <title>{{ hostname }} - {% block title %}{{ _("No title given") }}{% end block %}</title>
 
-               <link rel="stylesheet" type="text/css" href="{{ static_url("css/site.css") }}" />
+               <link rel="stylesheet" type="text/css" href="{{ static_url("css/site.css") }}">
        </head>
 
        <body class="is-flex is-flex-direction-column">
diff --git a/src/web/base.py b/src/web/base.py
index 771f7b0aa7e8b752ef614e32ce1cc73422393b61..db3a0f02fd42a86e50fd4ae774cca7b680e75b3f 100644 (file)
--- a/src/web/base.py
+++ b/src/web/base.py
@@ -200,6 +200,7 @@ class BaseHandler(tornado.web.RequestHandler):
                        "format_date"     : self.format_date,
                        "format_size"     : misc.format_size,
                        "version"         : __version__,
+                       "xsrf_token"      : self.xsrf_token,
                        "year"            : time.strftime("%Y"),
                })
 
The pakfire build service repository.