diff --git a/app/Library/Assets.php b/app/Library/Assets.php
index 80fac979..570bb6d6 100644
--- a/app/Library/Assets.php
+++ b/app/Library/Assets.php
@@ -101,11 +101,13 @@ class Assets
if ($area == 'embed') {
return [
"scripts/base/jquery-2.0.2.js",
+ "scripts/base/jquery.cookie.js",
"scripts/base/jquery.viewport.js",
"scripts/base/underscore.js",
"scripts/base/moment.js",
"scripts/base/jquery.timeago.js",
"scripts/base/soundmanager2-nodebug.js",
+ "scripts/shared/jquery-extensions.js",
"scripts/embed/*.coffee"
];
}
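Review bot: The two scripts added at L9 and L15 are also added, in the same order, to the `scripts-embed` task in gulpfile.js (L26, L32), and nothing ties the two lists together, so the next script added in one place but not the other will break either the dev include list or the production bundle; a one-line comment above the array, `// Keep in sync with the scripts-embed task in gulpfile.js`, would at least make the coupling visible. Order also matters here: jquery-extensions.js calls `jQuery.cookie(...)` inside its AJAX prefilter, so jquery.cookie.js must stay ahead of it in this list or every request made from the embed page will fail. Separately, `jquery.cookie.js` is vendored without a version in its name, unlike `jquery-2.0.2.js`; recording the plugin version (in the filename or a header comment) would make the dependency auditable. The enclosing method starts before this hunk.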
diff --git a/gulpfile.js b/gulpfile.js
index 5334d401..5ee540b5 100644
--- a/gulpfile.js
+++ b/gulpfile.js
@@ -106,11 +106,13 @@ gulp.task("scripts-embed", function () {
var includedScripts = [
"resources/assets/scripts/base/jquery-2.0.2.js",
+ "resources/assets/scripts/base/jquery.cookie.js",
"resources/assets/scripts/base/jquery.viewport.js",
"resources/assets/scripts/base/underscore.js",
"resources/assets/scripts/base/moment.js",
"resources/assets/scripts/base/jquery.timeago.js",
"resources/assets/scripts/base/soundmanager2-nodebug.js",
+ "resources/assets/scripts/shared/jquery-extensions.js",
"resources/assets/scripts/embed/*.coffee"
];
diff --git a/resources/assets/scripts/app/controllers/account-albums-edit.coffee b/resources/assets/scripts/app/controllers/account-albums-edit.coffee
index 57295dbf..3683f8b3 100644
--- a/resources/assets/scripts/app/controllers/account-albums-edit.coffee
+++ b/resources/assets/scripts/app/controllers/account-albums-edit.coffee
@@ -108,7 +108,7 @@ angular.module('ponyfm').controller "account-albums-edit", [
formData.append 'track_ids', _.map($scope.tracks, (t) -> t.id).join()
xhr.open 'POST', url, true
- xhr.setRequestHeader 'X-CSRF-Token', pfm.token
+ xhr.setRequestHeader 'X-XSRF-TOKEN', $.cookie('XSRF-TOKEN')
$scope.isSaving = true
xhr.send formData
@@ -117,7 +117,7 @@ angular.module('ponyfm').controller "account-albums-edit", [
{result: 'ok', label: 'Yes', cssClass: 'btn-danger'}, {result: 'cancel', label: 'No', cssClass: 'btn-primary'}
]).open().then (res) ->
return if res == 'cancel'
- $.post('/api/web/albums/delete/' + $scope.album.id, {_token: window.pfm.token})
+ $.post('/api/web/albums/delete/' + $scope.album.id)
.then -> $scope.$apply ->
$scope.$emit 'album-deleted'
$state.transitionTo 'account.albums'
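Review bot: The delete POST at L51 no longer carries any token of its own, so its CSRF protection now rests entirely on the `jQuery.ajaxPrefilter` in shared/jquery-extensions.js being loaded on this page, and nothing at the call site says so; a comment such as `# X-XSRF-TOKEN header is added by the ajaxPrefilter in shared/jquery-extensions.js` would keep a future reader from assuming the endpoint is unprotected or re-adding a body token. The chain also has only a `.then` success path: if the XSRF-TOKEN cookie is missing or stale the server will presumably reject the request and the user sees nothing, so a `.fail` handler that surfaces the error would close that gap. The enclosing controller function starts before this hunk.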
diff --git a/resources/assets/scripts/app/controllers/account-settings.coffee b/resources/assets/scripts/app/controllers/account-settings.coffee
index 8b1056c7..117c71b0 100644
--- a/resources/assets/scripts/app/controllers/account-settings.coffee
+++ b/resources/assets/scripts/app/controllers/account-settings.coffee
@@ -67,7 +67,7 @@ angular.module('ponyfm').controller "account-settings", [
formData.append name, value
xhr.open 'POST', '/api/web/account/settings/save', true
- xhr.setRequestHeader 'X-CSRF-Token', pfm.token
+ xhr.setRequestHeader 'X-XSRF-TOKEN', $.cookie('XSRF-TOKEN')
$scope.isSaving = true
xhr.send formData
diff --git a/resources/assets/scripts/app/controllers/account-track.coffee b/resources/assets/scripts/app/controllers/account-track.coffee
index 9aa26b51..b6b3c5f3 100644
--- a/resources/assets/scripts/app/controllers/account-track.coffee
+++ b/resources/assets/scripts/app/controllers/account-track.coffee
@@ -116,7 +116,7 @@ angular.module('ponyfm').controller "account-track", [
formData.append 'show_song_ids', _.map(_.values($scope.selectedSongs), (s) -> s.id).join()
xhr.open 'POST', '/api/web/tracks/edit/' + $scope.edit.id, true
- xhr.setRequestHeader 'X-CSRF-Token', pfm.token
+ xhr.setRequestHeader 'X-XSRF-TOKEN', $.cookie('XSRF-TOKEN')
$scope.isSaving = true
xhr.send formData
@@ -151,7 +151,7 @@ angular.module('ponyfm').controller "account-track", [
{result: 'ok', label: 'Yes', cssClass: 'btn-danger'}, {result: 'cancel', label: 'No', cssClass: 'btn-primary'}
]).open().then (res) ->
return if res == 'cancel'
- $.post('/api/web/tracks/delete/' + track.id, {_token: window.pfm.token})
+ $.post('/api/web/tracks/delete/' + track.id)
.then -> $scope.$apply ->
$scope.$emit 'track-deleted'
$state.transitionTo 'account.tracks'
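Review bot: The track delete at L82 uses `$.post` and so depends on the jQuery prefilter for its `X-XSRF-TOKEN` header, while the other services touched by this commit (comments, favourites, follow, add-track) use Angular's `$http.post`, which — if AngularJS's default XSRF handling is in play — attaches the same header itself from the same cookie; having two independent CSRF mechanisms in one client makes it easy for one to silently regress. Consider switching this call to `$http.post('/api/web/tracks/delete/' + track.id)` so the app relies on a single path, or document the dependency at the call site: `# CSRF header supplied by the ajaxPrefilter in shared/jquery-extensions.js`. The enclosing controller function starts before this hunk.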
diff --git a/resources/assets/scripts/app/services/auth.coffee b/resources/assets/scripts/app/services/auth.coffee
index 35d2b863..1b366cae 100644
--- a/resources/assets/scripts/app/services/auth.coffee
+++ b/resources/assets/scripts/app/services/auth.coffee
@@ -20,7 +20,7 @@ angular.module('ponyfm').factory('auth', [
data: {isLogged: window.pfm.auth.isLogged, user: window.pfm.auth.user}
login: (email, password, remember) ->
def = new $.Deferred()
- $.post('/api/web/auth/login', {email: email, password: password, remember: remember, _token: pfm.token})
+ $.post('/api/web/auth/login', {email: email, password: password, remember: remember})
.done ->
$rootScope.$apply -> def.resolve()
@@ -29,6 +29,5 @@ angular.module('ponyfm').factory('auth', [
def.promise()
- logout: -> $.post('/api/web/auth/logout', {_token: pfm.token})
+ logout: -> $.post('/api/web/auth/logout')
])
-
diff --git a/resources/assets/scripts/app/services/comments.coffee b/resources/assets/scripts/app/services/comments.coffee
index 3e4c31cb..34d944f9 100644
--- a/resources/assets/scripts/app/services/comments.coffee
+++ b/resources/assets/scripts/app/services/comments.coffee
@@ -24,7 +24,7 @@ angular.module('ponyfm').factory('comments', [
addComment: (resourceType, resourceId, content) ->
commentDef = new $.Deferred()
- $http.post('/api/web/comments/' + resourceType + '/' + resourceId, {content: content, _token: pfm.token}).success (comment) ->
+ $http.post('/api/web/comments/' + resourceType + '/' + resourceId, {content: content}).success (comment) ->
commentDef.resolve comment
commentDef.promise()
diff --git a/resources/assets/scripts/app/services/favourites.coffee b/resources/assets/scripts/app/services/favourites.coffee
index f9cd79b9..a5ca3471 100644
--- a/resources/assets/scripts/app/services/favourites.coffee
+++ b/resources/assets/scripts/app/services/favourites.coffee
@@ -24,7 +24,7 @@ angular.module('ponyfm').factory('favourites', [
self =
toggle: (type, id) ->
def = new $.Deferred()
- $http.post('/api/web/favourites/toggle', {type: type, id: id, _token: pfm.token}).success (res) ->
+ $http.post('/api/web/favourites/toggle', {type: type, id: id}).success (res) ->
def.resolve res
def.promise()
diff --git a/resources/assets/scripts/app/services/follow.coffee b/resources/assets/scripts/app/services/follow.coffee
index 9e97eb0b..d26239d3 100644
--- a/resources/assets/scripts/app/services/follow.coffee
+++ b/resources/assets/scripts/app/services/follow.coffee
@@ -20,7 +20,7 @@ angular.module('ponyfm').factory('follow', [
self =
toggle: (type, id) ->
def = new $.Deferred()
- $http.post('/api/web/follow/toggle', {type: type, id: id, _token: pfm.token}).success (res) ->
+ $http.post('/api/web/follow/toggle', {type: type, id: id}).success (res) ->
def.resolve res
def.promise()
diff --git a/resources/assets/scripts/app/services/playlists.coffee b/resources/assets/scripts/app/services/playlists.coffee
index 9b90ee2a..afbd14ab 100644
--- a/resources/assets/scripts/app/services/playlists.coffee
+++ b/resources/assets/scripts/app/services/playlists.coffee
@@ -63,7 +63,7 @@ angular.module('ponyfm').factory('playlists', [
addTrackToPlaylist: (playlistId, trackId) ->
def = new $.Deferred()
- $http.post('/api/web/playlists/' + playlistId + '/add-track', {track_id: trackId, _token: pfm.token}).success (res) ->
+ $http.post('/api/web/playlists/' + playlistId + '/add-track', {track_id: trackId}).success (res) ->
def.resolve(res)
def
@@ -77,7 +77,7 @@ angular.module('ponyfm').factory('playlists', [
deletePlaylist: (playlist) ->
def = new $.Deferred()
- $.post('/api/web/playlists/delete/' + playlist.id, {_token: window.pfm.token})
+ $.post('/api/web/playlists/delete/' + playlist.id)
.then -> $rootScope.$apply ->
if _.some(self.pinnedPlaylists, (p) -> p.id == playlist.id)
currentIndex = _.indexOf(self.pinnedPlaylists, (t) -> t.id == playlist.id)
@@ -92,7 +92,6 @@ angular.module('ponyfm').factory('playlists', [
editPlaylist: (playlist) ->
def = new $.Deferred()
- playlist._token = pfm.token
$.post('/api/web/playlists/edit/' + playlist.id, playlist)
.done (res) ->
$rootScope.$apply ->
@@ -125,7 +124,6 @@ angular.module('ponyfm').factory('playlists', [
createPlaylist: (playlist) ->
def = new $.Deferred()
- playlist._token = pfm.token
$.post('/api/web/playlists/create', playlist)
.done (res) ->
$rootScope.$apply ->
diff --git a/resources/assets/scripts/app/services/upload.coffee b/resources/assets/scripts/app/services/upload.coffee
index b951ab93..4205ff1b 100644
--- a/resources/assets/scripts/app/services/upload.coffee
+++ b/resources/assets/scripts/app/services/upload.coffee
@@ -62,6 +62,6 @@ angular.module('ponyfm').factory('upload', [
formData.append('track', file);
xhr.open 'POST', '/api/web/tracks/upload', true
- xhr.setRequestHeader 'X-CSRF-Token', pfm.token
+ xhr.setRequestHeader 'X-XSRF-TOKEN', $.cookie('XSRF-TOKEN')
xhr.send formData
])
diff --git a/resources/assets/scripts/embed/favourite.coffee b/resources/assets/scripts/embed/favourite.coffee
index 2a346a71..d649d459 100644
--- a/resources/assets/scripts/embed/favourite.coffee
+++ b/resources/assets/scripts/embed/favourite.coffee
@@ -21,7 +21,7 @@ trackId = $player.data 'track-id'
$favourite.click (e) ->
e.preventDefault()
- $.post('/api/web/favourites/toggle', {type: 'track', id: trackId, _token: pfm.token}).done (res) ->
+ $.post('/api/web/favourites/toggle', {type: 'track', id: trackId}).done (res) ->
if res.is_favourited
$player.addClass 'favourited'
else
diff --git a/resources/assets/scripts/shared/jquery-extensions.js b/resources/assets/scripts/shared/jquery-extensions.js
index 2c9d91b3..6e5a6b5e 100644
--- a/resources/assets/scripts/shared/jquery-extensions.js
+++ b/resources/assets/scripts/shared/jquery-extensions.js
@@ -1,3 +1,22 @@
+/**
+ * Pony.fm - A community for pony fan music.
+ * Copyright (C) 2015 Peter Deltchev
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+
+
if (jQuery.when.all===undefined) {
jQuery.when.all = function(deferreds) {
var deferred = new jQuery.Deferred();
@@ -11,4 +30,12 @@ if (jQuery.when.all===undefined) {
return deferred;
}
-}
\ No newline at end of file
+}
+
+
+// Include the CSRF token with all jQuery AJAX requests
+jQuery.ajaxPrefilter(function(options, originalOptions, jqXHR) {
+ if (!options.crossDomain) {
+ jqXHR.setRequestHeader('X-XSRF-TOKEN', jQuery.cookie('XSRF-TOKEN'))
+ }
+});
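Review bot: `jQuery.cookie('XSRF-TOKEN')` at L233 returns undefined when the cookie is absent (logged-out user, expired cookie, or the embed page running in a third-party frame where the cookie may not be available), and `setRequestHeader` will then send the literal string `undefined`; better to skip the header when there is no token, so the server rejects a request with a clearly missing token rather than a garbled one. The same line throws a TypeError inside every AJAX call if jquery.cookie.js has not been loaded before a request is made, so the load order set up in Assets.php is a hard requirement worth stating in the comment. The `!options.crossDomain` guard is the right thing — it keeps the token off requests to other origins — and relies on jQuery having derived `crossDomain` from the request URL's origin before prefilters run, as jQuery 2.x does. Reading the token this way also requires the XSRF-TOKEN cookie to be set without HttpOnly; that is outside this diff and should be confirmed on the server side.
```javascript
// Include the CSRF token with all same-origin jQuery AJAX requests.
// Requires jquery.cookie.js to be loaded before any request is made, and
// the XSRF-TOKEN cookie to be readable by script (not HttpOnly).
jQuery.ajaxPrefilter(function(options, originalOptions, jqXHR) {
    if (options.crossDomain) {
        return;
    }
    var token = jQuery.cookie('XSRF-TOKEN');
    if (token) {
        jqXHR.setRequestHeader('X-XSRF-TOKEN', token);
    }
});
```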
diff --git a/resources/views/shared/_app_layout.blade.php b/resources/views/shared/_app_layout.blade.php
index 2f6ced70..cc621b86 100644
--- a/resources/views/shared/_app_layout.blade.php
+++ b/resources/views/shared/_app_layout.blade.php
@@ -128,7 +128,6 @@
@section('scripts')
-
{!! Assets::scriptIncludes('embed') !!}
@if(config('ponyfm.google_analytics_id'))