diff --git a/src/Umbraco.Web.UI.Client/src/init.js b/src/Umbraco.Web.UI.Client/src/init.js
index d6244e5a06..70ad95cf60 100644
--- a/src/Umbraco.Web.UI.Client/src/init.js
+++ b/src/Umbraco.Web.UI.Client/src/init.js
@@ -1,6 +1,16 @@
 /** Executed when the application starts, binds to events and set global state */
-app.run(['userService', '$log', '$rootScope', '$location', 'navigationService', 'appState', 'editorState', 'fileManager', 'assetsService','eventsService', 'umbRequestHelper',
- function (userService, $log, $rootScope, $location, navigationService, appState, editorState, fileManager, assetsService, eventsService, umbRequestHelper) {
+app.run(['userService', '$log', '$rootScope', '$location', 'navigationService', 'appState', 'editorState', 'fileManager', 'assetsService', 'eventsService', '$cookies',
+ function (userService, $log, $rootScope, $location, navigationService, appState, editorState, fileManager, assetsService, eventsService, $cookies) {
+
+
+ //This sets the default jquery ajax headers to include our csrf token, we
+ // need to user the beforeSend method because our token changes per user/login so
+ // it cannot be static
+ $.ajaxSetup({
+ beforeSend: function (xhr) {
+ xhr.setRequestHeader("X-XSRF-TOKEN", $cookies["XSRF-TOKEN"]);
+ }
+ });
 var firstRun = true;
diff --git a/src/Umbraco.Web.UI.Client/src/views/common/dialogs/mediapicker.controller.js b/src/Umbraco.Web.UI.Client/src/views/common/dialogs/mediapicker.controller.js
index add6286cd2..2ef6679e90 100644
--- a/src/Umbraco.Web.UI.Client/src/views/common/dialogs/mediapicker.controller.js
+++ b/src/Umbraco.Web.UI.Client/src/views/common/dialogs/mediapicker.controller.js
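Review bot: The `beforeSend` hook registered through `$.ajaxSetup` in init.js adds `X-XSRF-TOKEN` to every jQuery request, including any whose URL is on another origin, so the anti-forgery token could be disclosed to a third-party host if backoffice or package code ever calls `$.ajax` cross-domain. Restricting it to same-origin requests would avoid that: `beforeSend: function (xhr, settings) { if (!settings.crossDomain) { xhr.setRequestHeader("X-XSRF-TOKEN", $cookies["XSRF-TOKEN"]); } }`. A per-call `beforeSend` option replaces this default rather than chaining to it, so the upload controllers in mediapicker, dashboard.tabs and folderbrowser (whose explicit `headers` entries are removed later in this commit) keep the token only as long as the upload plugin does not supply its own `beforeSend`; a comment here stating that dependency would help. The `app.run` callback continues outside the hunk.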
@@ -8,10 +8,6 @@ angular.module("umbraco")
 $scope.multiPicker = (dialogOptions.multiPicker && dialogOptions.multiPicker !== "0") ? true : false;
 $scope.options = {
- //NOTE: This header is very important since we check for csrf on the server side
- headers: {
- "X-XSRF-TOKEN": $cookies["XSRF-TOKEN"]
- },
 url: umbRequestHelper.getApiUrl("mediaApiBaseUrl", "PostAddFile"),
 autoUpload: true,
 formData: {
diff --git a/src/Umbraco.Web.UI.Client/src/views/dashboard/dashboard.tabs.controller.js b/src/Umbraco.Web.UI.Client/src/views/dashboard/dashboard.tabs.controller.js
index 52c6ca6022..6047a555c3 100644
--- a/src/Umbraco.Web.UI.Client/src/views/dashboard/dashboard.tabs.controller.js
+++ b/src/Umbraco.Web.UI.Client/src/views/dashboard/dashboard.tabs.controller.js
@@ -26,10 +26,6 @@ function MediaFolderBrowserDashboardController($rootScope, $scope, assetsService
 $scope.filesUploading = [];
 $scope.options = {
- //NOTE: This header is very important since we check for csrf on the server side
- headers: {
- "X-XSRF-TOKEN": $cookies["XSRF-TOKEN"]
- },
 url: umbRequestHelper.getApiUrl("mediaApiBaseUrl", "PostAddFile"),
 autoUpload: true,
 disableImageResize: /Android(?!.*Chrome)|Opera/
diff --git a/src/Umbraco.Web.UI.Client/src/views/propertyeditors/folderbrowser/folderbrowser.controller.js b/src/Umbraco.Web.UI.Client/src/views/propertyeditors/folderbrowser/folderbrowser.controller.js
index cc392e3998..4f6e366653 100644
--- a/src/Umbraco.Web.UI.Client/src/views/propertyeditors/folderbrowser/folderbrowser.controller.js
+++ b/src/Umbraco.Web.UI.Client/src/views/propertyeditors/folderbrowser/folderbrowser.controller.js
@@ -19,11 +19,7 @@ angular.module("umbraco")
 if(!$scope.creating){
 $scope.filesUploading = [];
- $scope.options = {
- //NOTE: This header is very important since we check for csrf on the server side
- headers: {
- "X-XSRF-TOKEN": $cookies["XSRF-TOKEN"]
- },
+ $scope.options = {
 url: umbRequestHelper.getApiUrl("mediaApiBaseUrl", "PostAddFile"),
 autoUpload: true,
 disableImageResize: /Android(?!.*Chrome)|Opera/