Repository: couchdb-fauxton Updated Branches: refs/heads/master 390e902b3 -> ed68b83d8
Use CSRF protection if available COUCHDB-2762 Project: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/commit/ed68b83d Tree: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/tree/ed68b83d Diff: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/diff/ed68b83d Branch: refs/heads/master Commit: ed68b83d8a23a3da31249697fd33abe05c3e68a9 Parents: 390e902 Author: Robert Newson <[email protected]> Authored: Mon Aug 3 13:38:44 2015 +0100 Committer: Robert Newson <[email protected]> Committed: Mon Aug 3 16:05:37 2015 +0100 ---------------------------------------------------------------------- app/app.js | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/ed68b83d/app/app.js ----------------------------------------------------------------------
diff --git a/app/app.js b/app/app.js
index 6483e5a..f33e6db 100644
--- a/app/app.js
+++ b/app/app.js
@@ -63,6 +63,33 @@ function (app, $, _, Backbone, Bootstrap, Helpers, Utils, FauxtonAPI, Couchdb) {
 // Localize or create a new JavaScript Template object
 var JST = window.JST = window.JST || {};
+ var parseCookies = function (cookies) {
+ if (!cookies) {
+ return {};
+ }
+ return _.reduce(cookies.split(';'), function (list, cookie) {
+ var parts = cookie.split('=');
+ list[parts.shift().trim()] = decodeURI(parts.join('='));
+ return list;
+ }, {});
+ };
+
+ $._ajax = $.ajax;
+
+ $.ajax = function (settings) {
+ var cookies = parseCookies(document.cookie);
+ var csrf = cookies['CouchDB-CSRF'] ? cookies['CouchDB-CSRF'] : 'true';
+ var origBeforeSend = settings.beforeSend;
+ var newBeforeSend = function (xhr) {
+ if (origBeforeSend) {
+ origBeforeSend(xhr);
+ }
+ xhr.setRequestHeader('X-CouchDB-CSRF', csrf);
+ };
+ settings.beforeSend = newBeforeSend;
+ return $._ajax(settings);
+ };
+
 // Configure LayoutManager with Backbone Boilerplate defaults
 FauxtonAPI.Layout.configure({
 // Allow LayoutManager to augment Backbone.View.prototype.
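Review bot: The wrapped `$.ajax` sets `X-CouchDB-CSRF` on every request, so any cross-origin call made through jQuery (if the app makes one) would send the value of the CSRF cookie to another host. The header should be limited to same-origin requests, for instance by checking the `crossDomain` flag on the settings object that jQuery passes to `beforeSend`. The wrapper also calls `origBeforeSend(xhr)` without the settings argument or `this` and drops its return value, so a caller's `beforeSend` that returns `false` no longer cancels the request. In `parseCookies`, `decodeURI` throws a `URIError` on a malformed percent sequence, and since every cookie is decoded on every call, one badly encoded cookie on the origin would make all Ajax requests fail; decoding only the `CouchDB-CSRF` value inside a try/catch avoids that. Both new functions are complete in the hunk; the enclosing module callback starts and ends outside it.

```javascript
$.ajax = function (settings) {
  // … unchanged: cookie lookup and csrf default …
  var origBeforeSend = settings.beforeSend;
  settings.beforeSend = function (xhr, ajaxSettings) {
    // Keep jQuery's contract: same arguments, same `this`, and a
    // `false` return still cancels the request.
    if (origBeforeSend && origBeforeSend.apply(this, arguments) === false) {
      return false;
    }
    // Send the token only to our own origin.
    if (!ajaxSettings.crossDomain) {
      xhr.setRequestHeader('X-CouchDB-CSRF', csrf);
    }
  };
  return $._ajax(settings);
};
```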
