Improve CSRF handling

2017-02-17 01:20:14 +01:00 · 2017-02-17 01:20:14 +01:00 · bef88a9c8b
commit bef88a9c8b
parent d3f9c49f84
1 changed files with 1 additions and 1 deletions
--- a/api.php
+++ b/api.php
@ -1102,7 +1102,7 @@ class PHP_CRUD_API {

 	protected function headersCommand($parameters) {
 		$headers = array();
-		$headers[]='Access-Control-Allow-Headers: Content-Type';
+		$headers[]='Access-Control-Allow-Headers: Content-Type, X-XSRF-Token';
 		$headers[]='Access-Control-Allow-Methods: OPTIONS, GET, PUT, POST, DELETE, PATCH';
 		$headers[]='Access-Control-Allow-Credentials: true';
 		$headers[]='Access-Control-Max-Age: 1728000';