Skip to content

Loading…

Needs updating for Rails 3.0.4 #4

Closed
tarrall opened this Issue · 1 comment

2 participants

@tarrall

The new Rails 3.0.4 CSRF protection means rails.js needs to be updated. Appears that the same code added to rails.js in railties-3.0.4 works here as well:

Ajax.Responders.register({
  onCreate: function(request) {
    var csrf_meta_tag = $$('meta[name=csrf-token]')[0];

    if (csrf_meta_tag) {
      var header = 'X-CSRF-Token',
          token = csrf_meta_tag.readAttribute('content');

      if (!request.options.requestHeaders) {
        request.options.requestHeaders = {};
      }
      request.options.requestHeaders[header] = token;
    }
  }
});
@NZKoz
Ruby on Rails member

include the X-CSRF-Token header with every Ajax request

closed by 5e5e57b

This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.