From d3307cb1536736bf60dd68ca58c8073b3e897b6e Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Fri, 19 May 2023 16:53:11 +0000
Subject: [PATCH] web: Send XSRF token with all ajax requests
Signed-off-by: Michael Tremer
---
src/static/js/pbs.js | 9 +++++++++
src/templates/base.html | 6 ++++--
src/web/base.py | 1 +
3 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/static/js/pbs.js b/src/static/js/pbs.js
index 5996a8b9..f368262e 100644
--- a/src/static/js/pbs.js
+++ b/src/static/js/pbs.js
@@ -4,6 +4,15 @@ Custom JS */
+$(document).ready(function() {
+ // Send our XSRF token with all requests
+ $.ajaxSetup({
+ headers: {
+ "X-Xsrftoken" : $("meta[name=xsrf-token]").attr("content"),
+ }
+ });
+});
+
/* Navigation */
diff --git a/src/templates/base.html b/src/templates/base.html
index cc4a9185..c4b6cb6c 100644
--- a/src/templates/base.html
+++ b/src/templates/base.html
@@ -4,11 +4,13 @@ - + + + {{ hostname }} - {% block title %}{{ _("No title given") }}{% end block %} - +
diff --git a/src/web/base.py b/src/web/base.py
index 771f7b0a..db3a0f02 100644
--- a/src/web/base.py
+++ b/src/web/base.py
@@ -200,6 +200,7 @@ class BaseHandler(tornado.web.RequestHandler): "format_date" : self.format_date, "format_size" : misc.format_size, "version" : __version__,
+ "xsrf_token" : self.xsrf_token,
"year" : time.strftime("%Y"), })
-- 2.47.2
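Review bot: In src/static/js/pbs.js, the `headers` entry given to `$.ajaxSetup` is attached to every jQuery request, including any sent to another origin, so the XSRF token would be disclosed to that origin (and a CORS preflight forced) as soon as one such call exists. Setting the header from `beforeSend` only when `settings.crossDomain` is false keeps the token on same-origin requests. The value is also read once without checking that the meta tag was found; if it is missing, the header is presumably sent as the string "undefined" and every state-changing request fails with a 403 that is hard to trace, so skip the header when there is no token.

```javascript
$(document).ready(function() {
	var token = $("meta[name=xsrf-token]").attr("content");

	// Send our XSRF token with same-origin requests only.
	// A call that passes its own beforeSend replaces this default.
	$.ajaxSetup({
		beforeSend: function(xhr, settings) {
			if (token && !settings.crossDomain)
				xhr.setRequestHeader("X-Xsrftoken", token);
		}
	});
});
```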
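Review bot: In src/web/base.py, reading `self.xsrf_token` to fill the template namespace is not a pure lookup: in Tornado the property also sets the `_xsrf` cookie on the response when the request did not carry one, so every rendered page now issues that cookie. That deserves a comment on the new entry, e.g. `# NOTE: evaluating self.xsrf_token sets the _xsrf cookie as a side effect`. Since scripts now get the token from the meta tag rather than the cookie, it is worth checking that the application settings (not part of this diff) enable `xsrf_cookies` and pass `xsrf_cookie_kwargs` with `httponly=True, secure=True`. The enclosing method starts and ends outside the hunk.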