From 61c00779d087cb3a3f136bb47bcf48c502f16156 Mon Sep 17 00:00:00 2001
From: Andrew Smith
Date: Sun, 25 Mar 2012 08:45:48 +0100
Subject: [PATCH] Set the X-CSRF-Token header for AJAX requests with jQuery. #950
---
 public/javascripts/application.js | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/public/javascripts/application.js b/public/javascripts/application.js
index b2c4b7309b..9b25ddad6d 100644
--- a/public/javascripts/application.js
+++ b/public/javascripts/application.js
@@ -467,7 +467,15 @@ jQuery.viewportHeight = function() {
 // Automatically use format.js for jQuery Ajax
 jQuery.ajaxSetup({
- 'beforeSend': function(xhr) {xhr.setRequestHeader("Accept", "text/javascript")}
+ 'beforeSend': function(xhr) {
+ xhr.setRequestHeader("Accept", "text/javascript");
+
+ // TODO: Remove once jquery-rails (Rails 3) has been added a dependency
+ var csrf_meta_tag = jQuery('meta[name="csrf-token"]');
+ if (csrf_meta_tag) {
+ xhr.setRequestHeader('X-CSRF-Token', csrf_meta_tag.attr('content'));
+ }
+ }
 })
 /* TODO: integrate with existing code and/or refactor */
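Review bot: The guard `if (csrf_meta_tag)` in the new `beforeSend` can never fail, because `jQuery(selector)` returns a truthy jQuery object even when nothing matches. On a page without the meta tag, `attr('content')` is undefined and the header would still be set, most likely to the string "undefined". Test the token itself instead: `var csrf_token = jQuery('meta[name="csrf-token"]').attr('content');` followed by `if (csrf_token) { xhr.setRequestHeader('X-CSRF-Token', csrf_token); }`. Because `ajaxSetup` applies to every jQuery Ajax call, the token is also attached to requests sent to other origins. If the bundled jQuery passes the settings object as the second `beforeSend` argument (its version is not visible here), also skip the header when `settings.crossDomain` is set, so the token only goes to this site.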