Move csrf-token from data-csrf-token attribute of body to meta tag

2025-03-15 03:29:45 +01:00 · 2018-07-02 00:04:42 +02:00 · 2018-07-02 00:04:42 +02:00 · faa91d5489
commit faa91d5489
parent 7a3d908386
5 changed files with 13 additions and 6 deletions
--- a/admin/assets/js/app.js
+++ b/admin/assets/js/app.js
@ -64,7 +64,7 @@ Formwork.Dashboard = {
            new Formwork.Request({
                method: 'POST',
                url: Formwork.Utils.uriPrependBase('/admin/cache/clear/', location.pathname),
-                data: {'csrf-token': $('body').data('csrf-token')}
+                data: {'csrf-token': $('meta[name=csrf-token]').attr('content')}
            }, function(response) {
                Formwork.Notification(response.message, response.status, 5000);
            });
@ -527,7 +527,7 @@ Formwork.Pages = {
                    sortable.option('disabled', true);

                    var data = {
-                        'csrf-token': $('body').data('csrf-token'),
+                        'csrf-token': $('meta[name=csrf-token]').attr('content'),
                        parent: $(this.el).data('parent'),
                        from: event.oldIndex,
                        to: event.newIndex
--- a/admin/assets/js/app.min.js
+++ b/admin/assets/js/app.min.js
--- a/admin/assets/js/src/components/dashboard.js
+++ b/admin/assets/js/src/components/dashboard.js
@ -4,7 +4,7 @@ Formwork.Dashboard = {
            new Formwork.Request({
                method: 'POST',
                url: Formwork.Utils.uriPrependBase('/admin/cache/clear/', location.pathname),
-                data: {'csrf-token': $('body').data('csrf-token')}
+                data: {'csrf-token': $('meta[name=csrf-token]').attr('content')}
            }, function(response) {
                Formwork.Notification(response.message, response.status, 5000);
            });
--- a/admin/assets/js/src/components/pages.js
+++ b/admin/assets/js/src/components/pages.js
@ -116,7 +116,7 @@ Formwork.Pages = {
                    sortable.option('disabled', true);

                    var data = {
-                        'csrf-token': $('body').data('csrf-token'),
+                        'csrf-token': $('meta[name=csrf-token]').attr('content'),
                        parent: $(this.el).data('parent'),
                        from: event.oldIndex,
                        to: event.newIndex
--- a/admin/views/admin.php
+++ b/admin/views/admin.php
@ -3,6 +3,13 @@
 <head>
    <title>Formwork Admin</title>
    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0">
+<?php
+    if(isset($csrfToken)):
+?>
+    <meta name="csrf-token" content="<?= $csrfToken ?>">
+<?php
+    endif;
+?>
    <link rel="shortcut icon" href="<?= $this->uri('/assets/images/icon.png') ?>">
    <link rel="stylesheet" href="<?= $this->uri('/assets/css/admin.min.css') ?>">
    <script src="http://code.jquery.com/jquery-3.2.1.min.js"></script>
@ -10,7 +17,7 @@
    <script src="<?= $this->uri('/assets/js/chartist.min.js') ?>"></script>
    <script src="<?= $this->uri('/assets/js/sortable.min.js') ?>"></script>
 </head>
-<body<?php if(isset($csrfToken)): ?> data-csrf-token="<?= $csrfToken ?>"<?php endif; ?>>
+<body>
    <button class="toggle-navigation hide-from-s"><i class="i-bars"></i></button>
    <div class="title-bar"><?= $this->label('admin.panel') ?>
        <a href="<?= $this->siteUri() ?>" class="view-site" target="_blank"><span class="show-from-xs"><?= $this->label('admin.view-site') ?></span> <i class="i-external-link-square"></i></a>