Permalink
Browse files

Make rails.js include the CSRF token in the X-CSRF-Token header with …

…every ajax request.
  • Loading branch information...
NZKoz authored and tenderlove committed Jan 12, 2011
1 parent ae19e41 commit 11061f410eca48c3a1922ade001bc54927e6b8c7
@@ -189,4 +189,20 @@
document.on('ajax:complete', 'form', function(event, form) {
if (form == event.findElement()) enableFormElements(form);
});
+
+ Ajax.Responders.register({
+ onCreate: function(request) {
+ var csrf_meta_tag = $$('meta[name=csrf-token]')[0];
+
+ if (csrf_meta_tag) {
+ var header = 'X-CSRF-Token',
+ token = csrf_meta_tag.readAttribute('content');
+
+ if (!request.options.requestHeaders) {
+ request.options.requestHeaders = {};
+ }
+ request.options.requestHeaders[header] = token;
+ }
+ }
+ });
})();

2 comments on commit 11061f4

@pacoguzman

This comment has been minimized.

Show comment Hide comment
@pacoguzman

pacoguzman Feb 8, 2011

Contributor

should be included in jquery-ujs.js too?

Contributor

pacoguzman replied Feb 8, 2011

should be included in jquery-ujs.js too?

@mislav

This comment has been minimized.

Show comment Hide comment
@mislav

mislav Feb 8, 2011

Member

Will add them to both.

Member

mislav replied Feb 8, 2011

Will add them to both.

Please sign in to comment.