Fix xsrf-token verification in async calls

The previous behaviour only checked xsrf-token in headers, but it can be informed in a token as well.
author: Caio Carrara <ccarrara@thoughtworks.com> 2016-06-24 14:58:39 -0300
committer: Caio Carrara <ccarrara@thoughtworks.com> 2016-06-27 16:32:58 -0300
commit: 85094ff8caac585cbff260fe89a6f21df241fd47 (patch)
tree: 6b5427a800ad9493f0639ec4fce654e1fef38ea7 /service/pixelated/resources/root_resource.py
parent: 546c3d0ab51914645b0d5aa2890acc982949ccf6 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/service/pixelated/resources/root_resource.py b/service/pixelated/resources/root_resource.py
index c9808a03..6886dda6 100644
--- a/service/pixelated/resources/root_resource.py
+++ b/service/pixelated/resources/root_resource.py
@@ -70,7 +70,7 @@ class RootResource(BaseResource):
 
         ajax_request = (request.getHeader('x-requested-with') == 'XMLHttpRequest')
         if ajax_request:
-            xsrf_header = request.getHeader('x-xsrf-token')
+            xsrf_header = xsrf_token or request.getHeader('x-xsrf-token')
             return xsrf_header and xsrf_header == xsrf_token
 
         get_request = (request.method == 'GET')
author	Caio Carrara <ccarrara@thoughtworks.com>	2016-06-24 14:58:39 -0300
committer	Caio Carrara <ccarrara@thoughtworks.com>	2016-06-27 16:32:58 -0300
commit	85094ff8caac585cbff260fe89a6f21df241fd47 (patch)
tree	6b5427a800ad9493f0639ec4fce654e1fef38ea7 /service/pixelated/resources/root_resource.py
parent	546c3d0ab51914645b0d5aa2890acc982949ccf6 (diff)