]> git.wh0rd.org - tt-rss.git/blobdiff - js/functions.js
git.wh0rd.org / tt-rss.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
experimental CSRF protection
[tt-rss.git] / js / functions.js
diff --git a/js/functions.js b/js/functions.js
index 02134aafa115727bdacb00ab29e3c36c870cf14f..52201bd656af891c6220bb17f97899153ed35a5d 100644 (file)
--- a/js/functions.js
+++ b/js/functions.js
@@ -1,6 +1,25 @@
 var notify_silent = false;
 var loading_progress = 0;
 var sanity_check_done = false;
+var init_params = {};
+
+Ajax.Base.prototype.initialize = Ajax.Base.prototype.initialize.wrap(
+       function (callOriginal, options) {
+
+               if (getInitParam("csrf_token") != undefined) {
+                       Object.extend(options, options || { });
+
+                       if (Object.isString(options.parameters))
+                               options.parameters = options.parameters.toQueryParams();
+                       else if (Object.isHash(options.parameters))
+                               options.parameters = options.parameters.toObject();
+
+                       options.parameters["csrf_token"] = getInitParam("csrf_token");
+               }
+
+               return callOriginal(options);
+       }
+);
 
 /* add method to remove element from array */
 
web-based news feed (RSS/Atom) reader and aggregator; see https://tt-rss.org/