Backend and frontend protection against csrf attacks:

- root resources changes the csrf token cookie everytime it is loaded, in particular during the intestitial load during login
- it will also add that cookie on single user mode
- initialize will still load all resources
- but they you cant access them if the csrf token do not match
- all ajax calls needs to add the token to the header
- non ajax get requests do not need xsrf token validation
- non ajax post will have to send the token in as a form input or in the content

Issue #612

1 files changed, 1 insertions, 1 deletions

diff --git a/web-ui/app/js/services/mail_service.js b/web-ui/app/js/services/mail_service.js
index a63d517e..412451cb 100644
--- a/web-ui/app/js/services/mail_service.js
+++ b/web-ui/app/js/services/mail_service.js
@@ -246,7 +246,7 @@ define(
             this.trigger(document, events.mails.available, _.merge({tag: this.attr.currentTag, forSearch: this.attr.lastQuery }, this.parseMails(data)));
           }.bind(this))
           .fail(function () {
-            this.trigger(document, events.ui.userAlerts.displayMessage, { message: i18n('Could not fetch messages') });
+            this.trigger(document, events.ui.userAlerts.displayMessage, { message: i18n('Could not fetch messages'), class: 'error' });
           }.bind(this));
       };