Needs updating for Rails 3.0.4 #4

Closed
tarrall opened this Issue Feb 12, 2011 · 1 comment

Comments

Projects
None yet
2 participants
@tarrall

tarrall commented Feb 12, 2011

The new Rails 3.0.4 CSRF protection means rails.js needs to be updated. Appears that the same code added to rails.js in railties-3.0.4 works here as well:

Ajax.Responders.register({
  onCreate: function(request) {
    var csrf_meta_tag = $$('meta[name=csrf-token]')[0];

    if (csrf_meta_tag) {
      var header = 'X-CSRF-Token',
          token = csrf_meta_tag.readAttribute('content');

      if (!request.options.requestHeaders) {
        request.options.requestHeaders = {};
      }
      request.options.requestHeaders[header] = token;
    }
  }
});
@NZKoz

This comment has been minimized.

Show comment
Hide comment
@NZKoz

NZKoz Feb 13, 2011

Member

include the X-CSRF-Token header with every Ajax request

closed by 5e5e57b

Member

NZKoz commented Feb 13, 2011

include the X-CSRF-Token header with every Ajax request

closed by 5e5e57b

This issue was closed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment