Browse files

Make rails.js include the CSRF token in the X-CSRF-Token header with …

…every ajax request.
  • Loading branch information...
1 parent 66ce384 commit 7b64adecf148852ca94bba1888d94aa4e3f77270 @NZKoz NZKoz committed Jan 13, 2011
Showing with 16 additions and 0 deletions.
  1. +16 −0 railties/lib/rails/generators/rails/app/templates/public/javascripts/rails.js
View
16 railties/lib/rails/generators/rails/app/templates/public/javascripts/rails.js
@@ -172,4 +172,20 @@
input.disabled = false;
});
});
+
+ Ajax.Responders.register({
+ onCreate: function(request) {
+ var csrf_meta_tag = $$('meta[name=csrf-token]')[0];
+
+ if (csrf_meta_tag) {
+ var header = 'X-CSRF-Token',
+ token = csrf_meta_tag.readAttribute('content');
+
+ if (!request.options.requestHeaders) {
+ request.options.requestHeaders = {};
+ }
+ request.options.requestHeaders[header] = token;
+ }
+ }
+ });
})();

0 comments on commit 7b64ade

Please sign in to comment.