Commit 1abbf605 authored by Nick Stenning's avatar Nick Stenning

Set CSRF token for session headers explicitly

angular/angular.js@5da1256fc2812d5b28fb0af0de81256054856369 made it
impossible for `transformRequest` functions to modify request headers,
so instead we maintain a global header map which is updated when the
session is updated.
parent 6338b75e
......@@ -59,10 +59,12 @@ function sessionActions(options) {
* @ngInject
*/
function session($document, $http, $resource, $rootScope, flash) {
// TODO: Move accounts data management (e.g. profile, edit_profile,
// disable_user, etc) into another module with another route.
// Headers sent by every request made by the session service.
var headers = {};
// TODO: Move accounts data management (e.g. profile, edit_profile,
// disable_user, etc) into another module with another route.
var actions = sessionActions({
transformRequest: prepare,
headers: headers,
transformResponse: process,
withCredentials: true
});
......@@ -117,6 +119,11 @@ function session($document, $http, $resource, $rootScope, flash) {
// Copy the model data (including the CSRF token) into `resource.state`.
angular.copy(model, resource.state);
// Set up subsequent requests to send the CSRF token in the headers.
if (resource.state.csrf) {
headers[$http.defaults.xsrfHeaderName] = resource.state.csrf;
}
// Replace lastLoad with the latest data, and update lastLoadTime.
lastLoad = {$promise: Promise.resolve(model), $resolved: true};
lastLoadTime = Date.now();
......@@ -129,14 +136,6 @@ function session($document, $http, $resource, $rootScope, flash) {
return model;
};
function prepare(data, headersGetter) {
var csrfTok = resource.state.csrf;
if (typeof csrfTok !== 'undefined') {
headersGetter()[$http.defaults.xsrfHeaderName] = csrfTok;
}
return angular.toJson(data);
}
function process(data, headersGetter) {
// Parse as json
data = angular.fromJson(data);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment