You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ofbiz.apache.org by jl...@apache.org on 2020/04/04 16:22:38 UTC

[ofbiz-plugins] 02/02: Adds the meta CSRF token for Ajax

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git

commit aa26d8f0cfeea2035d638d8b9ee34a173f2a7860
Author: Jacques Le Roux <ja...@les7arts.com>
AuthorDate: Sat Mar 28 09:54:12 2020 +0100

    Adds the meta CSRF token for Ajax
---
 ecommerce/template/includes/HeaderHead.ftl | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ecommerce/template/includes/HeaderHead.ftl b/ecommerce/template/includes/HeaderHead.ftl
index 0ceb444..fb0ae48 100644
--- a/ecommerce/template/includes/HeaderHead.ftl
+++ b/ecommerce/template/includes/HeaderHead.ftl
@@ -25,6 +25,11 @@ under the License.
 <head>
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
+  <#assign csrfDefenseStrategy = Static["org.apache.ofbiz.entity.util.EntityUtilProperties"].getPropertyValue("security", "csrf.defense.strategy", delegator)>
+  <#if csrfDefenseStrategy != "org.apache.ofbiz.security.NoCsrfDefenseStrategy">
+    <meta name="csrf-token" content="<@csrfTokenAjax/>"/>
+  </#if>
+  
   <title><#if title?has_content>${title}<#elseif titleProperty?has_content>${uiLabelMap.get(titleProperty)}</#if>
     : ${(productStore.storeName)!}
   </title>