Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • foreall protected
  • revert-f92d86e7
  • 276538
  • 275805
  • 156058834
  • 283051
  • 157488904
  • security
  • 1799
  • 1713
  • 1750
  • 1800
  • 1798
  • 1797
  • 1796
  • forcomposer protected
  • 8.3.0
  • 8.2.0
  • 8.1.0
  • 8.0.0
  • 7.5.0
  • 7.4.0GA
  • 7.4.0RC
  • 7.3.0H2
  • 7.3.0H1
  • 7.3.0
  • 7.3RC
  • 7.2.0
  • 7.1.0H3
  • 7.1.0
  • 7.1.0RC
  • 7.0.1
  • 7.0.0
  • 6.5.0
  • 6.4.0
36 results
Blame History Permalink
Forked from vtiger / vtigercrm
2876 commits behind the upstream repository.
config.security.php 1.33 KiB 
<?php
/*+*******************************************************************************
 * The contents of this file are subject to the vtiger CRM Public License Version 1.0
 * ("License"); You may not use this file except in compliance with the License
 * The Original Code is:  vtiger CRM Open Source
 * The Initial Developer of the Original Code is vtiger.
 * Portions created by vtiger are Copyright (C) vtiger.
 * All Rights Reserved.
 ********************************************************************************/
/**
 * Vtiger specific custom config startup for CSRF 
 */
function csrf_startup(){
    //Override the default expire time of token 
    $GLOBALS['csrf']['expires'] = 259200;

    /**if an ajax request initiated, then if php serves content with <html> tags
     * as a response, then unnecessarily we are injecting csrf magic javascipt 
     * in the response html at <head> and <body> using csrf_ob_handler(). 
     * So, to overwride above rewriting we need following config.
     */
    if(isAjax()) {
        $GLOBALS['csrf']['frame-breaker'] = false;
        $GLOBALS['csrf']['rewrite-js'] = null;
    }
}

function isAjax() {
    if (!empty($_SERVER['HTTP_X_PJAX']) && $_SERVER['HTTP_X_PJAX'] == true) {
        return true;
    } elseif (!empty($_SERVER['HTTP_X_REQUESTED_WITH'])) {
        return true;
    }
    return false;
}


?>

Copyright 2023 Vtiger. All rights reserved.