send proper csrf header

4 years ago · 56097d5629
3 changed files with 1 additions and 12 deletions
--- a/includes/csrf.php
+++ b/includes/csrf.php
@ -6,6 +6,3 @@ include_once('session.php');
 if (csrfValidateRequest() && !CSRFValidate()) {
  handleInvalidCSRFToken();
 }
-
-ensureCSRFSessionToken();
-header('X-CSRF-Token', $_SESSION['csrf_token']);
--- a/index.php
+++ b/index.php
@ -19,6 +19,7 @@
 */

 require('includes/csrf.php');
+ensureCSRFSessionToken();

 include_once('includes/config.php');
 include_once(RASPI_CONFIG.'/raspap.php');
--- a/js/custom.js
+++ b/js/custom.js
@ -167,14 +167,6 @@ function setCSRFTokenHeader(event, xhr, settings) {
    }
 }

-function updateCSRFTokens(event, xhr, settings) {
-    var newToken = xhr.getResponseHeader("X-CSRF-Token");
-    if (newToken) {
-        $('meta[name=csrf_token]').attr('content', newToken);
-        $('[name=csrf_token]:input').attr('value', newToken);
-    }
-}
-
 function contentLoaded() {
    pageCurrent = window.location.href.split("?")[1].split("=")[1];
    pageCurrent = pageCurrent.replace("#","");
@ -190,5 +182,4 @@ function contentLoaded() {

 $(document)
    .ajaxSend(setCSRFTokenHeader)
-    .ajaxComplete(updateCSRFTokens)
    .ready(contentLoaded);