<?php
/*+*******************************************************************************
* The contents of this file are subject to the vtiger CRM Public License Version 1.0
* ("License"); You may not use this file except in compliance with the License
* The Original Code is: vtiger CRM Open Source
* The Initial Developer of the Original Code is vtiger.
* Portions created by vtiger are Copyright (C) vtiger.
* All Rights Reserved.
********************************************************************************/
/**
 * Vtiger-specific startup hook that overrides CSRF protection settings.
 *
 * Writes into the shared $GLOBALS['csrf'] settings array. The token expiry
 * is always overridden; for requests that isAjax() classifies as AJAX, the
 * frame-breaker and the JavaScript rewriting are switched off as well.
 */
function csrf_startup()
{
    // Replace the default token expiry. Presumably the value is in seconds
    // (259200 s = 3 days) -- confirm against the CSRF library in use.
    // NOTE(review): the longer a token stays valid, the longer a leaked
    // token remains usable; keep this as short as the application tolerates.
    $tokenExpiry = 259200;
    $GLOBALS['csrf']['expires'] = $tokenExpiry;

    if (!isAjax()) {
        return;
    }

    // When PHP answers an AJAX request with content that contains <html>
    // tags, csrf_ob_handler() would inject the CSRF JavaScript into <head>
    // and <body> of that response for no benefit. The two settings below
    // turn that rewriting off for such requests.
    // NOTE(review): isAjax() relies on request headers, which the client
    // chooses, so this relaxation is reachable by any request that sets
    // them. Verify that token validation itself does not depend on it.
    $GLOBALS['csrf']['frame-breaker'] = false;
    $GLOBALS['csrf']['rewrite-js'] = null;
}
/**
 * Reports whether the current request identifies itself as an AJAX request.
 *
 * The request counts as AJAX when either the X-PJAX or the X-Requested-With
 * header is present with a non-empty value; the value itself is not
 * compared against anything.
 *
 * Both headers are supplied by the client, so the result is a hint about
 * how to render the response and is not suitable as a trust or
 * authorization decision.
 *
 * @return bool true when one of the two headers is set and non-empty
 */
function isAjax()
{
    $pjaxRequested = !empty($_SERVER['HTTP_X_PJAX']);
    $requestedWithSent = !empty($_SERVER['HTTP_X_REQUESTED_WITH']);

    return $pjaxRequested || $requestedWithSent;
}
?>