Added CSRF protection to all ajax requests

2021-11-29 09:13:21 +00:00 · 2021-11-29 09:13:21 +00:00 · 6a898bc2dc
commit 6a898bc2dc
parent 2cf3329131
2 changed files with 22 additions and 0 deletions
--- a/ref-test/admin/templates/admin/components/base.html
+++ b/ref-test/admin/templates/admin/components/base.html
@ -53,6 +53,17 @@
            crossorigin="anonymous"
        ></script>
        <!-- Custom js -->
+        <script type="text/javascript">
+            var csrf_token = "{{ csrf_token() }}";
+        
+            $.ajaxSetup({
+                beforeSend: function(xhr, settings) {
+                    if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type) && !this.crossDomain) {
+                        xhr.setRequestHeader("X-CSRFToken", csrf_token);
+                    }
+                }
+            });
+        </script>
        <script
            type="text/javascript"
            src="{{ url_for('.static', filename='js/script.js') }}"
--- a/ref-test/quiz/templates/quiz/components/base.html
+++ b/ref-test/quiz/templates/quiz/components/base.html
@ -51,6 +51,17 @@
            crossorigin="anonymous"
        ></script>
        <!-- Custom js -->
+        <script type="text/javascript">
+            var csrf_token = "{{ csrf_token() }}";
+        
+            $.ajaxSetup({
+                beforeSend: function(xhr, settings) {
+                    if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type) && !this.crossDomain) {
+                        xhr.setRequestHeader("X-CSRFToken", csrf_token);
+                    }
+                }
+            });
+        </script>
        <script
            type="text/javascript"
            src="{{ url_for('.static', filename='js/script.js') }}"