Always pass CSRF tokens when posting with jQuery

[WGierke]

As stated here, it would be nice to automatically add the current page's CSRF token to a POST request by jQuery.

Expected Behavior

When posting to the API, one is not required to always manually parse the CSRF token from the current page and send it to the backend.

Current Behavior

One is supposed to grap the token from the page every time one wants to post something:

update: function(nodule) {
        this.$http.post(nodule.url + "update",
          { csrfmiddlewaretoken: $("input[name=csrfmiddlewaretoken]").val(),
            lung_orientation: $("select[name=lung_orientation]").val()
          }).then(function(response) {
          console.log(response);
          }

We don't want to always manually add csrfmiddlewaretoken: $("input[name=csrfmiddlewaretoken]").val().

Possible Solution

Use one of jQuerys global AJAX handlers like .ajaxSend().

Checklist before submitting

• I have searched through the other currently open issues and am confident this is not a duplicate of an existing bug
• I provided a minimal code snippet or list of steps that reproduces the bug.
• I filled out all the relevant sections of this template

[isms]

Why are we posting with jQuery?

[isms]

Hi @WGierke, looks like we have a way forward with the jQuery issues (i.e. using Vue instead) and that the CSRF discussion is separate.

Any objections to closing?

[WGierke]

No, thanks.