N°7124 - [SECU] Cross-Site Request Forgery (CSRF) in several iTop pages (finalize implementation)

jf-cbd
2024-06-07 14:18:14 +02:00
parent d4b342a35d
commit 98f946c871
10 changed files with 31 additions and 22 deletions


@@ -1296,6 +1296,23 @@ const CombodoInlineImage = {
}
};
/**
* Abstract Fetch API wrapper to manage AJAX requests in iTop.
*/
const CombodoHTTP = {
/**
* @param {string} sUrl URL to fetch
* @param {Object} oOptions Fetch options
* @return {Promise<Response>}
*/
Fetch: function(sUrl, oOptions) {
oOptions = oOptions || {};
oOptions.headers = oOptions.headers || {};
oOptions.headers['X-Combodo-Ajax'] = true;
return fetch(sUrl, oOptions);
}
}
/**
* Abstract wrapper to manage modal dialogs in iTop.
* Implementations for the various GUIs may vary but APIs are the same.
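Review bot: In `CombodoHTTP.Fetch`, `oOptions.headers['X-Combodo-Ajax'] = true` only takes effect when `headers` is a plain object. `fetch` also accepts a `Headers` instance or an array of pairs, and on those the assignment just creates an ordinary property, so the request leaves without the marker header. If the server-side CSRF check (not visible in this hunk) keys on that header, such calls would fail it. Building the header set through the API covers all three forms and stops mutating the caller's options object: `const oHeaders = new Headers((oOptions || {}).headers || {});`, `oHeaders.set('X-Combodo-Ajax', 'true');`, `return fetch(sUrl, Object.assign({}, oOptions, {headers: oHeaders}));`. The doc comment on `Fetch` could also state that the header works as a CSRF signal only because browsers preflight cross-origin requests carrying custom headers, so the server's CORS policy must not allow `X-Combodo-Ajax` from other origins.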