Skip to content
Browse files

xhr support

  • Loading branch information...
1 parent cb5687d commit 04a0639eec10755d0ac60906ab6ef3fe34189a53 alexkuhl committed Mar 31, 2011
Showing with 23 additions and 3 deletions.
  1. +18 −2 client/fileuploader.js
  2. +5 −1 readme.md
View
20 client/fileuploader.js
@@ -2,7 +2,8 @@
* http://github.com/valums/file-uploader
*
* Multiple file upload component with progress-bar, drag-and-drop.
- * © 2010 Andrew Valums ( andrew(at)valums.com )
+ * © 2010 Andrew Valums ( andrew(at)valums.com )
+ * © 2011 Alex Kuhl (alexkuhl.org)
*
* Licensed under GNU GPL 2 or later, see license.txt.
*/
@@ -1113,14 +1114,17 @@ qq.extend(qq.UploadHandlerForm.prototype, {
{
var csrf = '<input type="hidden" name="'+ params.csrf_name +'" value="' + params.csrf_token + '" />' ;
form = qq.toElement('<form method="post" enctype="multipart/form-data">' + csrf + '</form>');
+ if( params.csrf_xname )
+ delete params.csrf_xname ;
}
else
form = qq.toElement('<form method="post" enctype="multipart/form-data"></form>');
// get rid of the csrf parameters
delete params.csrf_token ;
delete params.csrf_name ;
-
+ delete params.csrf_xname ;
+
var queryString = qq.obj2url(params, this._options.action);
form.setAttribute('action', queryString);
@@ -1216,13 +1220,25 @@ qq.extend(qq.UploadHandlerXhr.prototype, {
// build query string
params = params || {};
+ var token = false ;
+ var xname = false ;
+ if( params.csrf_token && params.csrf_xname )
+ {
+ token = params.csrf_token ;
+ xname = params.csrf_xname ;
+ delete params.csrf_token ;
+ delete params.csrf_xname ;
+ delete params.csrf_name ;
+ }
params['qqfile'] = name;
var queryString = qq.obj2url(params, this._options.action);
xhr.open("POST", queryString, true);
xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
xhr.setRequestHeader("X-File-Name", encodeURIComponent(name));
xhr.setRequestHeader("Content-Type", "application/octet-stream");
+ if( token )
+ xhr.setRequestHeader( xname, token ) ;
xhr.send(file);
},
_onComplete: function(id, xhr){
View
6 readme.md
@@ -78,7 +78,11 @@ If you can't find the one you need, check the readme.txt in the same folder.
/ the specified name and token value.
// - csrf_token: the CSRF value the server requires
// - csrf_name: HTML name attribute of the input element containing
- // the csrf_token
+ // the csrf_token that your framework expects for forms
+ // ex. 'csrfmiddlewaretoken' for django
+ // - csrf_xname: The HTTP header name your framework expects for
+ // ajax submissions.
+ // ex. 'X-CSRFToken' for django, 'X-CSRF-Token' for RoR
// validation
// ex. ['jpg', 'jpeg', 'png', 'gif'] or []

0 comments on commit 04a0639

Please sign in to comment.
Something went wrong with that request. Please try again.