Implement suggestions from @bennothommo
parent
f542ca8e90
commit
096ccf875d
@ -269,7 +269,7 @@ class Controller
|
|||
$response = Response::make($result, $this->statusCode);
|
||||
|
||||
if (Config::get('cms.enableCsrfProtection')) {
|
||||
$this->addCsrfCookie($response);
|
||||
$this->addXsrfCookie($response);
|
||||
}
|
||||
|
||||
return $response;
|
||||
|
|
@ -1595,9 +1595,9 @@ class Controller
|
|||
/**
|
||||
* Adds anti-CSRF cookie.
|
||||
* Adds a cookie with a token for CSRF checks to the response.
|
||||
* @return void
|
||||
* @return Response
|
||||
*/
|
||||
protected function addCsrfCookie(\Illuminate\Http\Response $response)
|
||||
protected function addXsrfCookie(\Illuminate\Http\Response $response)
|
||||
{
|
||||
$config = Config::get('session');
|
||||
|
||||
|
|
@ -1605,7 +1605,7 @@ class Controller
|
|||
new Cookie(
|
||||
'XSRF-TOKEN',
|
||||
Session::token(),
|
||||
Carbon::now()->addSeconds(60 * $config['lifetime'])->getTimestamp(),
|
||||
Carbon::now()->addMinutes((int) $config['lifetime'])->getTimestamp(),
|
||||
$config['path'],
|
||||
$config['domain'],
|
||||
$config['secure'],
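Review bot: The new `Carbon::now()->addMinutes((int) $config['lifetime'])` expiry silently turns a missing or non-numeric `session.lifetime` into 0, so the XSRF-TOKEN cookie would be issued with an expiry of "now" and every AJAX request carrying it would fail the CSRF check — a failure mode that is easy to mistake for an attack rather than a configuration error; the old `60 * $config['lifetime']` form had the same weakness but the explicit cast now hides it. Consider resolving the value once and rejecting a non-positive result, e.g. `$lifetime = (int) ($config['lifetime'] ?? 0); if ($lifetime <= 0) { throw new \InvalidArgumentException('session.lifetime must be a positive number of minutes'); }`, and stating the unit in the method docblock: `* Expiry follows session.lifetime, expressed in minutes.`. The remaining Cookie constructor arguments (httpOnly, sameSite) fall past the end of this hunk, so whether the token cookie is intentionally left readable by JavaScript — which the companion getXSRFToken() change requires — cannot be confirmed from here. The enclosing addXsrfCookie method starts in the previous hunk and its body continues beyond this one.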
|
||||
|
@ -14,7 +14,7 @@ useFiles=false}
|
|||
if($.type(loading)=='string'){loading=$(loading)}
|
||||
var requestHeaders={'X-OCTOBER-REQUEST-HANDLER':handler,'X-OCTOBER-REQUEST-PARTIALS':this.extractPartials(options.update)}
|
||||
if(useFlash){requestHeaders['X-OCTOBER-REQUEST-FLASH']=1}
|
||||
var csrfToken=getCSRFToken()
|
||||
var csrfToken=getXSRFToken()
|
||||
if(csrfToken){requestHeaders['X-XSRF-TOKEN']=csrfToken}
|
||||
var requestData,inputName,data={}
|
||||
$.each($el.parents('[data-request-data]').toArray().reverse(),function extendRequest(){$.extend(data,paramToObj('data-request-data',$(this).data('request-data')))})
|
||||
|
|
@ -114,7 +114,7 @@ function paramToObj(name,value){if(value===undefined)value=''
|
|||
if(typeof value=='object')return value
|
||||
try{return ocJSON("{"+value+"}")}
|
||||
catch(e){throw new Error('Error parsing the '+name+' attribute value. '+e)}}
|
||||
function getCSRFToken(){var cookieValue=null
|
||||
function getXSRFToken(){var cookieValue=null
|
||||
if(document.cookie&&document.cookie!=''){var cookies=document.cookie.split(';')
|
||||
for(var i=0;i<cookies.length;i++){var cookie=jQuery.trim(cookies[i])
|
||||
if(cookie.substring(0,11)==('XSRF-TOKEN'+'=')){cookieValue=decodeURIComponent(cookie.substring(11))
|
||||
|
@ -14,7 +14,7 @@ useFiles=false}
|
|||
if($.type(loading)=='string'){loading=$(loading)}
|
||||
var requestHeaders={'X-OCTOBER-REQUEST-HANDLER':handler,'X-OCTOBER-REQUEST-PARTIALS':this.extractPartials(options.update)}
|
||||
if(useFlash){requestHeaders['X-OCTOBER-REQUEST-FLASH']=1}
|
||||
var csrfToken=getCSRFToken()
|
||||
var csrfToken=getXSRFToken()
|
||||
if(csrfToken){requestHeaders['X-XSRF-TOKEN']=csrfToken}
|
||||
var requestData,inputName,data={}
|
||||
$.each($el.parents('[data-request-data]').toArray().reverse(),function extendRequest(){$.extend(data,paramToObj('data-request-data',$(this).data('request-data')))})
|
||||
|
|
@ -114,7 +114,7 @@ function paramToObj(name,value){if(value===undefined)value=''
|
|||
if(typeof value=='object')return value
|
||||
try{return ocJSON("{"+value+"}")}
|
||||
catch(e){throw new Error('Error parsing the '+name+' attribute value. '+e)}}
|
||||
function getCSRFToken(){var cookieValue=null
|
||||
function getXSRFToken(){var cookieValue=null
|
||||
if(document.cookie&&document.cookie!=''){var cookies=document.cookie.split(';')
|
||||
for(var i=0;i<cookies.length;i++){var cookie=jQuery.trim(cookies[i])
|
||||
if(cookie.substring(0,11)==('XSRF-TOKEN'+'=')){cookieValue=decodeURIComponent(cookie.substring(11))
|
||||
|
@ -68,7 +68,7 @@ if (window.jQuery.request !== undefined) {
|
|||
requestHeaders['X-OCTOBER-REQUEST-FLASH'] = 1
|
||||
}
|
||||
|
||||
var csrfToken = getCSRFToken()
|
||||
var csrfToken = getXSRFToken()
|
||||
if (csrfToken) {
|
||||
requestHeaders['X-XSRF-TOKEN'] = csrfToken
|
||||
}
|
||||
|
|
@ -470,7 +470,7 @@ if (window.jQuery.request !== undefined) {
|
|||
}
|
||||
}
|
||||
|
||||
function getCSRFToken() {
|
||||
function getXSRFToken() {
|
||||
var cookieValue = null
|
||||
if (document.cookie && document.cookie != '') {
|
||||
var cookies = document.cookie.split(';')
|
||||
|