summaryrefslogtreecommitdiff
path: root/resources
diff options
context:
space:
mode:
Diffstat (limited to 'resources')
-rw-r--r--resources/assets/js/vendor.js4
-rw-r--r--resources/views/errors/419.twig7
-rw-r--r--resources/views/layouts/app.twig1
3 files changed, 12 insertions, 0 deletions
diff --git a/resources/assets/js/vendor.js b/resources/assets/js/vendor.js
index dd6b66b3..f9cddad6 100644
--- a/resources/assets/js/vendor.js
+++ b/resources/assets/js/vendor.js
@@ -14,3 +14,7 @@ require('./moment-countdown');
$(function () {
moment.locale($('html').attr('lang'));
});
+
+$.ajaxSetup({
+ headers: {'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')}
+});
diff --git a/resources/views/errors/419.twig b/resources/views/errors/419.twig
new file mode 100644
index 00000000..dcfec022
--- /dev/null
+++ b/resources/views/errors/419.twig
@@ -0,0 +1,7 @@
+{% extends "errors/default.twig" %}
+
+{% block title %}{{ __("Authentication expired") }}{% endblock %}
+
+{% block content %}
+ <div class="alert alert-warning">{{ __("The provided CSRF token is invalid or has expired") }}</div>
+{% endblock %}
diff --git a/resources/views/layouts/app.twig b/resources/views/layouts/app.twig
index fcbcc665..dc02e3ed 100644
--- a/resources/views/layouts/app.twig
+++ b/resources/views/layouts/app.twig
@@ -7,6 +7,7 @@
<meta charset="UTF-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1">
+ <meta name="csrf-token" content="{{ csrf_token() }}">
<link rel="stylesheet" type="text/css" href="{{ asset('assets/theme' ~ theme ~ '.css') }}"/>
<script type="text/javascript" src="{{ asset('assets/vendor.js') }}"></script>