Diffstat (limited to 'src/usr/local/www/csrf/csrf-magic.js')
-rw-r--r-- | src/usr/local/www/csrf/csrf-magic.js | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/src/usr/local/www/csrf/csrf-magic.js b/src/usr/local/www/csrf/csrf-magic.js
index a889773..0989c10 100644
--- a/src/usr/local/www/csrf/csrf-magic.js
+++ b/src/usr/local/www/csrf/csrf-magic.js
@@ -40,13 +40,11 @@ CsrfMagic.prototype = {
 send: function(data) {
 if (!this.csrf_isPost) return this.csrf_send(data);
 prepend = csrfMagicName + '=' + csrfMagicToken + '&';
-
- // Removed to eliminate 'Refused to set unsafe header "Content-length" ' errors in modern browsers
- // if (this.csrf_purportedLength === undefined) {
- // this.csrf_setRequestHeader("Content-length", this.csrf_purportedLength + prepend.length);
- // delete this.csrf_purportedLength;
- // }
-
+ // XXX: Removed to eliminate 'Refused to set unsafe header "Content-length" ' errors in modern browsers
+ // if (this.csrf_purportedLength === undefined) {
+ // this.csrf_setRequestHeader("Content-length", this.csrf_purportedLength + prepend.length);
+ // delete this.csrf_purportedLength;
+ // }
 delete this.csrf_isPost;
 return this.csrf_send(prepend + data);
 },
@@ -89,6 +87,10 @@ CsrfMagic.prototype._updateProps = function() {
 }
 }
 CsrfMagic.process = function(base) {
+ if(typeof base == 'object') {
+ base[csrfMagicName] = csrfMagicToken;
+ return base;
+ }
 var prepend = csrfMagicName + '=' + csrfMagicToken;
 if (base) return prepend + '&' + base;
 return prepend; |
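Review bot: The new `typeof base == 'object'` guard in `CsrfMagic.process` also matches `null`, so a call with `null` data now throws on `base[csrfMagicName] = csrfMagicToken`, where the old code fell through to `return prepend`; `if (base !== null && typeof base === 'object') {` keeps the previous behaviour. The same branch matches arrays and `FormData`, where a plain property assignment is probably not serialized into the request body, so the token would be missing and the request would fail the CSRF check; whether that happens depends on callers outside this hunk. The branch also writes the token into the caller's own object and returns an object where the function previously always returned a string, which deserves a comment above it such as `// object data: add the token as a field; mutates and returns base instead of a query string`. The closing brace of `CsrfMagic.process` lies outside the hunk.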