From 9573bdca55ddc5488066d3af525e41ed1d872ea6 Mon Sep 17 00:00:00 2001
From: NavaL <ayoyo@thoughtworks.com>
Date: Wed, 24 Feb 2016 16:33:20 +0100
Subject: Backend and frontend protection against csrf attacks: - root
 resources changes the csrf token cookie everytime it is loaded, in particular
 during the intestitial load during login - it will also add that cookie on
 single user mode - initialize will still load all resources - but they you
 cant access them if the csrf token do not match - all ajax calls needs to add
 the token to the header - non ajax get requests do not need xsrf token
 validation - non ajax post will have to send the token in as a form input or
 in the content

Issue #612
---
 web-ui/app/js/helpers/browser.js | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'web-ui/app/js/helpers/browser.js')

diff --git a/web-ui/app/js/helpers/browser.js b/web-ui/app/js/helpers/browser.js
index e5be6667..23aa79c8 100644
--- a/web-ui/app/js/helpers/browser.js
+++ b/web-ui/app/js/helpers/browser.js
@@ -23,7 +23,14 @@ define([], function () {
     window.location.replace(url);
   }
 
+  function getCookie(name) {
+    var value = '; ' + document.cookie;
+    var parts = value.split('; ' + name + '=');
+    if (parts.length === 2) return parts.pop().split(';').shift();
+  }
+
   return {
-    redirect: redirect
+    redirect: redirect,
+    getCookie: getCookie
   };
 });
-- 
cgit v1.2.3