wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
server/core/js/oc-requesttoken.js
Lukas Reschke cd90685af1 Do not add sensitive request headers for cross domain requests 
Prevents leaking the CSRF token to another third-party domain by mistake.
2015-09-15 11:42:13 +02:00

6 lines
209 B
JavaScript
Raw Blame History

$(document).on('ajaxSend',function(elm, xhr, settings) {
if(settings.crossDomain === false) {
xhr.setRequestHeader('requesttoken', oc_requesttoken);
xhr.setRequestHeader('OCS-APIREQUEST', 'true');
}
});
Reference in a new issue View git blame Copy permalink