Commit 1abbf605 authored by Nick Stenning's avatar Nick Stenning

Set CSRF token for session headers explicitly

angular/angular.js@5da1256fc2812d5b28fb0af0de81256054856369 made it
impossible for `transformRequest` functions to modify request headers,
so instead we maintain a global header map which is updated when the
session is updated.
parent 6338b75e
...@@ -59,10 +59,12 @@ function sessionActions(options) { ...@@ -59,10 +59,12 @@ function sessionActions(options) {
* @ngInject * @ngInject
*/ */
function session($document, $http, $resource, $rootScope, flash) { function session($document, $http, $resource, $rootScope, flash) {
// TODO: Move accounts data management (e.g. profile, edit_profile, // Headers sent by every request made by the session service.
// disable_user, etc) into another module with another route. var headers = {};
// TODO: Move accounts data management (e.g. profile, edit_profile,
// disable_user, etc) into another module with another route.
var actions = sessionActions({ var actions = sessionActions({
transformRequest: prepare, headers: headers,
transformResponse: process, transformResponse: process,
withCredentials: true withCredentials: true
}); });
...@@ -117,6 +119,11 @@ function session($document, $http, $resource, $rootScope, flash) { ...@@ -117,6 +119,11 @@ function session($document, $http, $resource, $rootScope, flash) {
// Copy the model data (including the CSRF token) into `resource.state`. // Copy the model data (including the CSRF token) into `resource.state`.
angular.copy(model, resource.state); angular.copy(model, resource.state);
// Set up subsequent requests to send the CSRF token in the headers.
if (resource.state.csrf) {
headers[$http.defaults.xsrfHeaderName] = resource.state.csrf;
}
// Replace lastLoad with the latest data, and update lastLoadTime. // Replace lastLoad with the latest data, and update lastLoadTime.
lastLoad = {$promise: Promise.resolve(model), $resolved: true}; lastLoad = {$promise: Promise.resolve(model), $resolved: true};
lastLoadTime = Date.now(); lastLoadTime = Date.now();
...@@ -129,14 +136,6 @@ function session($document, $http, $resource, $rootScope, flash) { ...@@ -129,14 +136,6 @@ function session($document, $http, $resource, $rootScope, flash) {
return model; return model;
}; };
function prepare(data, headersGetter) {
var csrfTok = resource.state.csrf;
if (typeof csrfTok !== 'undefined') {
headersGetter()[$http.defaults.xsrfHeaderName] = csrfTok;
}
return angular.toJson(data);
}
function process(data, headersGetter) { function process(data, headersGetter) {
// Parse as json // Parse as json
data = angular.fromJson(data); data = angular.fromJson(data);
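Review bot: The guard `if (resource.state.csrf)` in the second hunk only ever adds or overwrites the entry in `headers`, so a token stored earlier keeps being sent after a session update whose model carries no `csrf` value. The removed `prepare` read `resource.state.csrf` on every request, so the header always followed the current state; to keep that behaviour, add `else { delete headers[$http.defaults.xsrfHeaderName]; }`. The new scheme also depends on `sessionActions` passing the `headers` object through by reference rather than copying it when the actions are built, which cannot be confirmed here because its body is outside the hunks shown. A short comment next to `headers: headers` stating that the map is mutated later and must not be cloned would protect that assumption. The function enclosing the second hunk starts and ends outside it.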
......