From fdad0730402c4ffa9c0a56b09f30186d3182c884 Mon Sep 17 00:00:00 2001
From: Anton Dyudin <ohAitch@gmail.com>
Date: Thu, 26 Mar 2015 13:37:25 -0700
Subject: [PATCH] urb.js safety

---
 main/lib/urb.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/main/lib/urb.js b/main/lib/urb.js
index adc86c7f9e..284e8e41b1 100644
--- a/main/lib/urb.js
+++ b/main/lib/urb.js
@@ -14,6 +14,7 @@ window.urb.req = function(method,url,params,json,cb) {
   if(json)
     xhr.setRequestHeader("content-type", "text/json")
 
+  if(!window.urb.oryx) throw "No CSRF token" // XX fetch auth.json
   _data = {oryx: window.urb.oryx}
   if(params.xyro) { _data.xyro = params.xyro; }
   if(params.ship) { _data.ship = params.ship; }