You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by jl...@apache.org on 2020/04/04 16:22:38 UTC
[ofbiz-plugins] 02/02: Adds the meta CSRF token for Ajax
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git
commit aa26d8f0cfeea2035d638d8b9ee34a173f2a7860
Author: Jacques Le Roux <ja...@les7arts.com>
AuthorDate: Sat Mar 28 09:54:12 2020 +0100
Adds the meta CSRF token for Ajax
---
ecommerce/template/includes/HeaderHead.ftl | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/ecommerce/template/includes/HeaderHead.ftl b/ecommerce/template/includes/HeaderHead.ftl
index 0ceb444..fb0ae48 100644
--- a/ecommerce/template/includes/HeaderHead.ftl
+++ b/ecommerce/template/includes/HeaderHead.ftl
@@ -25,6 +25,11 @@ under the License.
<head>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
+ <#assign csrfDefenseStrategy = Static["org.apache.ofbiz.entity.util.EntityUtilProperties"].getPropertyValue("security", "csrf.defense.strategy", delegator)>
+ <#if csrfDefenseStrategy != "org.apache.ofbiz.security.NoCsrfDefenseStrategy">
+ <meta name="csrf-token" content="<@csrfTokenAjax/>"/>
+ </#if>
+
<title><#if title?has_content>${title}<#elseif titleProperty?has_content>${uiLabelMap.get(titleProperty)}</#if>
: ${(productStore.storeName)!}
</title>