author | Andrew Dolgov <[email protected]> | 2011-12-26 12:02:52 +0400 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2011-12-26 12:02:52 +0400 |
commit | 8484ce22584b8714622833adcc7ebfe3ef9cf90e (patch) | |
tree | 057d7a64c3af60e2389d519ba19e476b5fbe6212 /js/functions.js | |
parent | 036cd3a4106cf2eee0be72f0695458dfb517976b (diff) |
experimental CSRF protection
Diffstat (limited to 'js/functions.js')
-rw-r--r-- | js/functions.js | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/js/functions.js b/js/functions.js
index 02134aafa..52201bd65 100644
--- a/js/functions.js
+++ b/js/functions.js
@@ -1,6 +1,25 @@
 var notify_silent = false;
 var loading_progress = 0;
 var sanity_check_done = false;
+var init_params = {};
+
+Ajax.Base.prototype.initialize = Ajax.Base.prototype.initialize.wrap(
+ function (callOriginal, options) {
+
+ if (getInitParam("csrf_token") != undefined) {
+ Object.extend(options, options || { });
+
+ if (Object.isString(options.parameters))
+ options.parameters = options.parameters.toQueryParams();
+ else if (Object.isHash(options.parameters))
+ options.parameters = options.parameters.toObject();
+
+ options.parameters["csrf_token"] = getInitParam("csrf_token");
+ }
+
+ return callOriginal(options);
+ }
+);
 /* add method to remove element from array */ |
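Review bot: The wrapper throws a TypeError once a token is set and a request is made without `parameters` or without an options object, because `Object.extend(options, options || { })` only copies `options` onto itself and `options.parameters["csrf_token"] = …` assumes an object already exists. Normalising first would fix it, e.g. `options = options || {};` before the checks and a final `else if (!options.parameters) options.parameters = {};` after the string/hash branches. The token is also attached to every Ajax request regardless of method or target. If any caller uses `method: 'get'`, the token would presumably be serialised into the URL, where it can reach server logs and Referer headers, so consider limiting injection to state-changing POST requests to the application's own backend. `getInitParam` is defined outside this hunk, so its return value while `init_params` is still empty is assumed here to be undefined.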