Test/vtenext
1
0
Fork 0
mirror of https://github.com/VTECRM/vtenext.git synced 2026-02-26 16:18:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
vtenext/portal/js/csrf.js
davidegiarolo bdfc8accff vtenext ce 20.04.1
2021-04-28 20:10:26 +02:00

83 lines
2.0 KiB
JavaScript
Raw Permalink Blame History

/*************************************
* SPDX-FileCopyrightText: 2009-2020 Vtenext S.r.l. <info@vtenext.com>
* SPDX-License-Identifier: AGPL-3.0-only
************************************/
/* crmv@171581 */
window.VTEPortal = window.VTEPortal || {};
VTEPortal.CSRF = VTEPortal.CSRF || {
inputName: '__csrf_token',
token: null,
/**
* Initialize the CSRF protection
*/
initialize: function(inputName, token) {
var me = this;
me.inputName = inputName;
me.token = token;
me.alterJQueryAjax();
jQuery(document).ready(me.addTokenToForms.bind(me));
},
getCurrentToken: function() {
return window.csrfMagicToken;
},
/**
* Add the csrf token to all forms in the page
* (but not future ones)
*/
addTokenToForms: function() {
var me = this;
var forms = document.getElementsByTagName('form');
for (var i = 0; i < forms.length; ++i) {
var form = forms[i];
if (form.method.toUpperCase() !== 'POST') continue;
if (form.elements[me.inputName]) continue;
var input = document.createElement('input');
input.setAttribute('name', me.inputName);
input.setAttribute('value', me.token);
input.setAttribute('type', 'hidden');
form.appendChild(input); // crmv@201219
}
},
/**
* Rewrite jQuery ajax to inject the csrf token
*/
alterJQueryAjax: function() {
var me = this;
if (window.jQuery) {
jQuery.csrf_ajax = jQuery.ajax;
jQuery.ajax = function(s) {
var method = s.type || s.method;
if (method && method.toUpperCase() == 'POST') {
s = jQuery.extend(true, s, jQuery.extend(true, {}, jQuery.ajaxSettings, s));
if (s.data && s.data instanceof FormData) {
s.data.append(me.inputName, me.token);
} else {
if (s.data && s.processData && typeof s.data != "string") {
s.data = jQuery.param(s.data);
}
// add the anti-csrf token
if (me.inputName) {
s.data = me.inputName + '=' + encodeURIComponent(me.token) + (s.data ? '&' + s.data : '');
}
}
}
return jQuery.csrf_ajax(s);
}
}
}
};
Reference in New Issue View Git Blame Copy Permalink