From rnew...@apache.org
Subject fauxton commit: updated refs/heads/master to ed68b83
Date Wed, 05 Aug 2015 13:37:53 GMT
Repository: couchdb-fauxton
Updated Branches:
  refs/heads/master 390e902b3 -> ed68b83d8


Use CSRF protection if available

COUCHDB-2762


Project: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/commit/ed68b83d
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/tree/ed68b83d
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/diff/ed68b83d

Branch: refs/heads/master
Commit: ed68b83d8a23a3da31249697fd33abe05c3e68a9
Parents: 390e902
Author: Robert Newson <rnewson@apache.org>
Authored: Mon Aug 3 13:38:44 2015 +0100
Committer: Robert Newson <rnewson@apache.org>
Committed: Mon Aug 3 16:05:37 2015 +0100

----------------------------------------------------------------------
 app/app.js | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/ed68b83d/app/app.js
----------------------------------------------------------------------
diff --git a/app/app.js b/app/app.js
index 6483e5a..f33e6db 100644
--- a/app/app.js
+++ b/app/app.js
@@ -63,6 +63,33 @@ function (app, $, _, Backbone, Bootstrap, Helpers, Utils, FauxtonAPI, Couchdb)
{
   // Localize or create a new JavaScript Template object
   var JST = window.JST = window.JST || {};
 
+  var parseCookies = function (cookies) {
+    if (!cookies) {
+      return {};
+    }
+    return _.reduce(cookies.split(';'), function (list, cookie) {
+      var parts = cookie.split('=');
+      list[parts.shift().trim()] = decodeURI(parts.join('='));
+      return list;
+    }, {});
+  };
+
+  $._ajax = $.ajax;
+
+  $.ajax = function (settings) {
+    var cookies = parseCookies(document.cookie);
+    var csrf = cookies['CouchDB-CSRF'] ? cookies['CouchDB-CSRF'] : 'true';
+    var origBeforeSend = settings.beforeSend;
+    var newBeforeSend = function (xhr) {
+      if (origBeforeSend) {
+        origBeforeSend(xhr);
+      }
+      xhr.setRequestHeader('X-CouchDB-CSRF', csrf);
+    };
+    settings.beforeSend = newBeforeSend;
+    return $._ajax(settings);
+  };
+
   // Configure LayoutManager with Backbone Boilerplate defaults
   FauxtonAPI.Layout.configure({
     // Allow LayoutManager to augment Backbone.View.prototype.
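Review bot: The `$.ajax` replacement only handles the one-argument form, so a call written as `$.ajax(url, settings)` passes a string as `settings`: the `X-CouchDB-CSRF` header is never attached and the options are dropped by `$._ajax(settings)`. The wrapped `beforeSend` also invokes `origBeforeSend(xhr)` without its context or second argument and discards the return value, so a caller that returns `false` no longer cancels the request. Separately, `decodeURI` in `parseCookies` throws on a malformed percent sequence in any cookie, which would make every request fail; decoding inside a `try`/`catch` would contain that. The header is added regardless of destination, so if Fauxton ever issues cross-origin requests the token would be sent there too, and restricting it to same-origin requests is worth considering. The enclosing module function starts and ends outside the hunk.

```javascript
  // … unchanged: parseCookies, $._ajax = $.ajax …
  $.ajax = function (url, options) {
    // jQuery accepts both $.ajax(settings) and $.ajax(url, settings)
    if (typeof url === 'object') {
      options = url;
      url = undefined;
    }
    var settings = options || {};
    var cookies = parseCookies(document.cookie);
    var csrf = cookies['CouchDB-CSRF'] ? cookies['CouchDB-CSRF'] : 'true';
    var origBeforeSend = settings.beforeSend;
    settings.beforeSend = function (xhr, ajaxSettings) {
      var result;
      if (origBeforeSend) {
        // keep jQuery's contract: same context, both arguments, `false` cancels
        result = origBeforeSend.call(this, xhr, ajaxSettings);
      }
      xhr.setRequestHeader('X-CouchDB-CSRF', csrf);
      return result;
    };
    return $._ajax(url, settings);
  };
```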

