Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

[1.2.X] Fixed #15284 - improved example jQuery code for adding X-CSRF…

…-Token

Using the ajaxSend event is better than beforeSend, because the beforeSend
callback can have only one value, which makes it painful if it is needed by
multiple bits of javascript.

Thanks to LukeMaurer for report and initial patch.

Backport of [15515] from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15517 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit cfaac48710fdab7cd427b8bea130a8a8c3f8bbbc 1 parent 6a438e2
Luke Plant authored February 12, 2011

Showing 1 changed file with 17 additions and 19 deletions. Show diff stats Hide diff stats

  1. 36  docs/ref/contrib/csrf.txt
36  docs/ref/contrib/csrf.txt
@@ -90,31 +90,29 @@ every POST request. For this reason, there is an alternative method: on each
90 90
 XMLHttpRequest, set a custom `X-CSRFToken` header to the value of the CSRF
91 91
 token. This is often easier, because many javascript frameworks provide hooks
92 92
 that allow headers to be set on every request. In jQuery, you can use the
93  
-``beforeSend`` hook as follows:
  93
+``ajaxSend`` event as follows:
94 94
 
95 95
 .. code-block:: javascript
96 96
 
97  
-    $.ajaxSetup({
98  
-        beforeSend: function(xhr, settings) {
99  
-            function getCookie(name) {
100  
-                var cookieValue = null;
101  
-                if (document.cookie && document.cookie != '') {
102  
-                    var cookies = document.cookie.split(';');
103  
-                    for (var i = 0; i < cookies.length; i++) {
104  
-                        var cookie = jQuery.trim(cookies[i]);
105  
-                        // Does this cookie string begin with the name we want?
106  
-                        if (cookie.substring(0, name.length + 1) == (name + '=')) {
107  
-                            cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
108  
-                            break;
109  
-                        }
  97
+    $('html').ajaxSend(function(event, xhr, settings) {
  98
+        function getCookie(name) {
  99
+            var cookieValue = null;
  100
+            if (document.cookie && document.cookie != '') {
  101
+                var cookies = document.cookie.split(';');
  102
+                for (var i = 0; i < cookies.length; i++) {
  103
+                    var cookie = jQuery.trim(cookies[i]);
  104
+                    // Does this cookie string begin with the name we want?
  105
+                    if (cookie.substring(0, name.length + 1) == (name + '=')) {
  106
+                        cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
  107
+                        break;
110 108
                     }
111 109
                 }
112  
-                return cookieValue;
113  
-            }
114  
-            if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
115  
-                // Only send the token to relative URLs i.e. locally.
116  
-                xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
117 110
             }
  111
+            return cookieValue;
  112
+        }
  113
+        if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
  114
+            // Only send the token to relative URLs i.e. locally.
  115
+            xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
118 116
         }
119 117
     });
120 118
 

0 notes on commit cfaac48

Please sign in to comment.
Something went wrong with that request. Please try again.