summaryrefslogtreecommitdiffstats
path: root/src/usr/local/www/csrf/csrf-magic.js
diff options
context:
space:
mode:
Diffstat (limited to 'src/usr/local/www/csrf/csrf-magic.js')
-rw-r--r--src/usr/local/www/csrf/csrf-magic.js16
1 files changed, 9 insertions, 7 deletions
diff --git a/src/usr/local/www/csrf/csrf-magic.js b/src/usr/local/www/csrf/csrf-magic.js
index a889773..0989c10 100644
--- a/src/usr/local/www/csrf/csrf-magic.js
+++ b/src/usr/local/www/csrf/csrf-magic.js
@@ -40,13 +40,11 @@ CsrfMagic.prototype = {
send: function(data) {
if (!this.csrf_isPost) return this.csrf_send(data);
prepend = csrfMagicName + '=' + csrfMagicToken + '&';
-
- // Removed to eliminate 'Refused to set unsafe header "Content-length" ' errors in modern browsers
- // if (this.csrf_purportedLength === undefined) {
- // this.csrf_setRequestHeader("Content-length", this.csrf_purportedLength + prepend.length);
- // delete this.csrf_purportedLength;
- // }
-
+ // XXX: Removed to eliminate 'Refused to set unsafe header "Content-length" ' errors in modern browsers
+ // if (this.csrf_purportedLength === undefined) {
+ // this.csrf_setRequestHeader("Content-length", this.csrf_purportedLength + prepend.length);
+ // delete this.csrf_purportedLength;
+ // }
delete this.csrf_isPost;
return this.csrf_send(prepend + data);
},
@@ -89,6 +87,10 @@ CsrfMagic.prototype._updateProps = function() {
}
}
CsrfMagic.process = function(base) {
+ if(typeof base == 'object') {
+ base[csrfMagicName] = csrfMagicToken;
+ return base;
+ }
var prepend = csrfMagicName + '=' + csrfMagicToken;
if (base) return prepend + '&' + base;
return prepend;
OpenPOWER on IntegriCloud