From f322a277e2ff3ceb031a53bfad7024510618c742 Mon Sep 17 00:00:00 2001
From: Jos Groot Lipman <jos.grootlipman@aareon.nl>
Date: Thu, 30 Mar 2017 09:37:05 +0000
Subject: [PATCH] FSN#39957 API2 bestand tegen CSRF misbruik

svn path=/Website/trunk/; revision=33326
---
 APPL/SCF/scaffolding_import.inc | 25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)

diff --git a/APPL/SCF/scaffolding_import.inc b/APPL/SCF/scaffolding_import.inc
index a71d15d0e6..81f7ec8367 100644
--- a/APPL/SCF/scaffolding_import.inc
+++ b/APPL/SCF/scaffolding_import.inc
@@ -32,16 +32,25 @@ function scaffolding_import(model, scf_params)
           function scf_import()
           {
             var data = $("#importeer").val();
-            protectRequest.dataToken(data);
-            $.post(url
-                  ,data
-                  ,importCallback
-                  ,"json"
-                  ).fail(function(xhr, status, error) {
+            try {
+                var tester = JSON.parse($("#importeer").val());
+            } catch (e) {
+                FcltMgr.alert(e.description || e.message);
+                return;
+            }
+
+            $.ajax({
+              type: "POST",
+              url: url,
+              data: data,
+              success: importCallback,
+              dataType: "json",
+              "headers": { "X-CSRF-TOKEN" : RVT_token }
+            }).fail(function(xhr, status, error) {
                     // error handling
                     var data = JSON.parse(xhr.responseText);
-                    alert(data.error.message);
-                  });
+                    FcltMgr.alert(data.error.message);
+            });
           }
 
       </script>