Permalink
Browse files

include the X-CSRF-Token header with every Ajax request

closes #4
  • Loading branch information...
1 parent cac3a08 commit 5e5e57b478293602281a410ccbebbc1c8594a90a @NZKoz NZKoz committed with mislav Feb 13, 2011
Showing with 10 additions and 0 deletions.
  1. +10 −0 src/rails.js
View
@@ -1,4 +1,14 @@
(function() {
+ Ajax.Responders.register({
+ onCreate: function(request) {
+ var token = $$('meta[name=csrf-token]')[0];
+ if (token) {
+ if (!request.options.requestHeaders) request.options.requestHeaders = {};
+ request.options.requestHeaders['X-CSRF-Token'] = token.readAttribute('content');
+ }
+ }
+ });
+
// Technique from Juriy Zaytsev
// http://thinkweb2.com/projects/prototype/detecting-event-support-without-browser-sniffing/
function isEventSupported(eventName) {

0 comments on commit 5e5e57b

Please sign in to comment.