Add CSRF protection to every API call
This commit is contained in:
Joseph Schorr
parent
2e3be90054
commit
21ac1c9210
3 changed files with 28 additions and 1 deletions
|
|
@ -724,7 +724,7 @@ quayApp = angular.module('quay', ['ngRoute', 'chieffancypants.loadingBar', 'rest
|
|||
otherwise({redirectTo: '/'});
|
||||
}]).
|
||||
config(function(RestangularProvider) {
|
||||
RestangularProvider.setBaseUrl('/api/');
|
||||
RestangularProvider.setBaseUrl('/api/');
|
||||
});
|
||||
|
||||
|
||||
|
|
@ -2204,6 +2204,10 @@ quayApp.directive('ngBlur', function() {
|
|||
|
||||
quayApp.run(['$location', '$rootScope', 'Restangular', 'UserService', 'PlanService', '$http', '$timeout',
|
||||
function($location, $rootScope, Restangular, UserService, PlanService, $http, $timeout) {
|
||||
|
||||
// Handle session security.
|
||||
Restangular.setDefaultRequestParams({'_csrf_token': window.__token || ''});
|
||||
|
||||
// Handle session expiration.
|
||||
Restangular.setErrorInterceptor(function(response) {
|
||||
if (response.status == 401) {
|
||||
|
|
|
|||
Reference in a new issue