Posted to commits@ofbiz.apache.org by jl...@apache.org on 2020/04/27 16:30:10 UTC

[ofbiz-plugins] 02/03: Adds the meta CSRF token for Ajax

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git

commit 11250f22d8dac1df399f04918ba90f89acfa8c6b
Author: Jacques Le Roux <ja...@les7arts.com>
AuthorDate: Sat Mar 28 09:54:12 2020 +0100

    Adds the meta CSRF token for Ajax
---
 ecommerce/template/includes/HeaderHead.ftl | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ecommerce/template/includes/HeaderHead.ftl b/ecommerce/template/includes/HeaderHead.ftl
index 7400674..96da9d5 100644
--- a/ecommerce/template/includes/HeaderHead.ftl
+++ b/ecommerce/template/includes/HeaderHead.ftl
@@ -25,6 +25,11 @@ under the License.
 <head>
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
+  <#assign csrfDefenseStrategy = Static["org.apache.ofbiz.entity.util.EntityUtilProperties"].getPropertyValue("security", "csrf.defense.strategy", delegator)>
+  <#if csrfDefenseStrategy != "org.apache.ofbiz.security.NoCsrfDefenseStrategy">
+    <meta name="csrf-token" content="<@csrfTokenAjax/>"/>
+  </#if>
+  
   <title><#if title?has_content>${title}<#elseif titleProperty?has_content>${uiLabelMap.get(titleProperty)}</#if>
     : ${(productStore.storeName)!}
   </title>
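
Review bot: The `<#if>` on the second added line decides whether to emit the tag by comparing the configured value to the literal class name `org.apache.ofbiz.security.NoCsrfDefenseStrategy`, so the template now holds its own copy of a Java class name that a rename or an alternative "no defense" strategy class would not match. In those cases the meta tag is still emitted, which is the safe direction, but a short FTL comment stating that intent (or moving the check into one shared place) would keep it from drifting. The `content="<@csrfTokenAjax/>"` attribute also relies on the macro returning a value that is safe inside a double-quoted attribute, which cannot be seen from this hunk and is worth confirming. The last added line is whitespace-only and should be an empty line.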