
Add CSRF fix for all ajax calls

1 parent d91cfe6 commit ce8b32f0a1dfb20e8c9869379f889edd1b061217 @rodbegbie rodbegbie committed Apr 15, 2011
Showing with 25 additions and 0 deletions.
  1. +25 −0 nexus/media/js/nexus.js
@@ -0,0 +1,25 @@
+// AJAX CSRF setup. Source: http://docs.djangoproject.com/en/1.2/ref/contrib/csrf/#ajax
+
+jQuery.ajaxSetup({
+ beforeSend: function(xhr, settings) {
+ function getCookie(name) {
+ var cookieValue = null;
+ if (document.cookie && document.cookie != '') {
+ var cookies = document.cookie.split(';');
+ for (var i = 0; i < cookies.length; i++) {
+ var cookie = jQuery.trim(cookies[i]);
+ // Does this cookie string begin with the name we want?
+ if (cookie.substring(0, name.length + 1) == (name + '=')) {
+ cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
+ break;
+ }
+ }
+ }
+ return cookieValue;
+ }
+ if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
+ // Only send the token to relative URLs i.e. locally.
+ xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
+ }
+ }
+});
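Review bot: The "local URL" test guarding `xhr.setRequestHeader` is case-sensitive and only recognises `http:` and `https:`, so a protocol-relative URL (`//host/path`) or an upper-case scheme (`HTTP://…`) is treated as relative and the `X-CSRFToken` header is attached to a request addressed to another host. Treating any scheme prefix or leading `//` as non-local closes that gap: `if (!/^(?:[a-z][a-z0-9+.-]*:|\/\/)/i.test(settings.url)) {`. Separately, `getCookie('csrftoken')` returns `null` when the cookie is absent and the header is still set; reading the value first and calling `setRequestHeader` only when it is not `null` avoids sending a meaningless token. A short comment on the `if` stating that the token must never leave the origin would help keep the check from being loosened later.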
