From dbcf17b6637e31ee490564c5bc33c06acd8577f6 Mon Sep 17 00:00:00 2001
From: rudolfkoenig <>
Date: Mon, 6 Feb 2017 21:46:25 +0000
Subject: [PATCH] 01_FHEMWEB.pm: add csrfToken to the HTTP header (Forum
 #66484)

git-svn-id: https://svn.fhem.de/fhem/trunk@13348 2b470e98-0d58-463d-a4d8-8e2adae1ed80
---
 fhem/FHEM/01_FHEMWEB.pm | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fhem/FHEM/01_FHEMWEB.pm b/fhem/FHEM/01_FHEMWEB.pm
index b1f71776f..b77988cb4 100755
--- a/fhem/FHEM/01_FHEMWEB.pm
+++ b/fhem/FHEM/01_FHEMWEB.pm
@@ -412,6 +412,8 @@ FW_Read($$)
               "Access-Control-Allow-Headers: Origin, Authorization, Accept\r\n".
               "Access-Control-Allow-Credentials: true\r\n".
               "Access-Control-Max-Age:86400\r\n" : "");
+   $FW_headerlines .= "X-FHEM-csrfToken: $defs{$FW_wname}{CSRFTOKEN}\r\n"
+        if($defs{$FW_wname}{CSRFTOKEN});
 
   #########################
   # Return 200 for OPTIONS or 405 for unsupported method