Adapt frontend for CSRF in import dialog

2019-10-15 12:04:17 +01:00 · 2019-10-15 12:04:17 +01:00 · f7177e670d
commit f7177e670d
parent 91cead27f8
2 changed files with 25 additions and 5 deletions
--- a/main/webapp/modules/core/scripts/index.js
+++ b/main/webapp/modules/core/scripts/index.js
@ -37,6 +37,26 @@ var Refine = {
  actionAreas: []
 };

+Refine.wrapCSRF = function(onCSRF) {
+   $.get(
+      "command/core/get-csrf-token",
+      {},
+      function(response) {
+         onCSRF(response['token']);
+      },
+      "json"
+   );
+};
+
+Refine.postCSRF = function(url, data, success, dataType) {
+   Refine.wrapCSRF(function(token) {
+      var fullData = data || {};
+      data['csrf_token'] = token;
+      $.post(url, fulldata, success, dataType);
+   });
+};
+
+
 var lang = (navigator.language|| navigator.userLanguage).split("-")[0];
 var dictionary = "";
 $.ajax({
--- a/main/webapp/modules/core/scripts/index/default-importing-controller/controller.js
+++ b/main/webapp/modules/core/scripts/index/default-importing-controller/controller.js
@ -187,7 +187,7 @@ Refine.DefaultImportingController.prototype._ensureFormatParserUIHasInitializati
        $.post(
        "command/core/importing-controller?" + $.param({
            "controller": "core/default-importing-controller",
-            "jobID": this._jobID,
+            "jobID": self._jobID,
            "subCommand": "initialize-parser-ui",
            "format": format,
            "csrf_token": token
@ -219,12 +219,12 @@ Refine.DefaultImportingController.prototype.updateFormatAndOptions = function(op
    $.post(
        "command/core/importing-controller?" + $.param({
        "controller": "core/default-importing-controller",
-        "jobID": this._jobID,
+        "jobID": self._jobID,
        "subCommand": "update-format-and-options",
        "csrf_token": token
        }),
        {
-        "format" : this._format,
+        "format" : self._format,
        "options" : JSON.stringify(options)
        },
        function(o) {
@ -297,12 +297,12 @@ Refine.DefaultImportingController.prototype._createProject = function() {
        $.post(
        "command/core/importing-controller?" + $.param({
            "controller": "core/default-importing-controller",
-            "jobID": this._jobID,
+            "jobID": self._jobID,
            "subCommand": "create-project",
            "csrf_token": token
        }),
        {
-            "format" : this._format,
+            "format" : self._format,
            "options" : JSON.stringify(options)
        },
        function(o) {