From b667cef0ab230e71bc7d30d4e6f9c8e82de2a0d0 Mon Sep 17 00:00:00 2001
From: "burke.davey" <burke.davey@dad15e60-07c4-0504-eb71-dc8a1c21358d>
Date: Tue, 25 May 2010 23:16:21 +0000
Subject: [PATCH] XSRF protection

---
 extension/popup.html | 1 +
 1 file changed, 1 insertion(+)

diff --git a/extension/popup.html b/extension/popup.html
index 8c044f7..eebfb11 100644
--- a/extension/popup.html
+++ b/extension/popup.html
@@ -47,6 +47,7 @@ function sendToPhone(title, url, selection) {
   var sendUrl = baseUrl + '?title=' + encodeURIComponent(title) +
       '&url=' + encodeURIComponent(url) + '&sel=' + encodeURIComponent(selection);
   req.open('GET', sendUrl, true);
+  req.setRequestHeader('X-Extension', 'true');  // XSRF protector
 
   req.onreadystatechange = function() {
     if (this.readyState == 4) {