Fix Bug 880900 - Add CSRF Token support to SSO requests

mozilla · Jun 8, 2013 · 21de6c6 · 21de6c6
1 parent 8f99098
commit 21de6c6
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/app/http/views/js/sso-ux.js.ejs b/app/http/views/js/sso-ux.js.ejs
@@ -155,7 +155,8 @@
   // Which button do we show?
   var emailMeta = document.querySelector("meta[name='persona-email']"),
       cookieEmail = emailMeta.content ? emailMeta.content : "",
-      loggedIn = !!cookieEmail;
+      loggedIn = !!cookieEmail,
+      csrfMeta = document.querySelector("meta[name='csrf-token']");
 
   /*
     This code has been commented off, but not removed, due to
@@ -183,6 +184,11 @@
         type: 'POST',
         url: '/persona/verify',
         data: {assertion: assertion},
+        beforeSend: function (request) {
+          if(csrfMeta) {
+            request.setRequestHeader("X-CSRF-Token", csrfMeta.content);
+          }
+        },
         success: function(res, status, xhr) {
           ui.checkMaker( { loggedInUser:res.email }, $("#webmaker-nav"), function (err, loggedInUser, displayName) {
             // hook-out to the owning page, so that it can perform a