From 7b64adecf148852ca94bba1888d94aa4e3f77270 Mon Sep 17 00:00:00 2001
From: Michael Koziarski
Date: Thu, 13 Jan 2011 11:05:52 +1300
Subject: [PATCH] Make rails.js include the CSRF token in the X-CSRF-Token header with every ajax request.
---
 .../app/templates/public/javascripts/rails.js | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/railties/lib/rails/generators/rails/app/templates/public/javascripts/rails.js b/railties/lib/rails/generators/rails/app/templates/public/javascripts/rails.js
index 4283ed89824f8..aed6aed3693f3 100644
--- a/railties/lib/rails/generators/rails/app/templates/public/javascripts/rails.js
+++ b/railties/lib/rails/generators/rails/app/templates/public/javascripts/rails.js
@@ -172,4 +172,20 @@
 input.disabled = false;
 });
 });
+
+ Ajax.Responders.register({
+ onCreate: function(request) {
+ var csrf_meta_tag = $$('meta[name=csrf-token]')[0];
+
+ if (csrf_meta_tag) {
+ var header = 'X-CSRF-Token',
+ token = csrf_meta_tag.readAttribute('content');
+
+ if (!request.options.requestHeaders) {
+ request.options.requestHeaders = {};
+ }
+ request.options.requestHeaders[header] = token;
+ }
+ }
+ });
 })();
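Review bot: The `onCreate` responder sets `X-CSRF-Token` on every `Ajax.Request` without checking the destination, so a request to another origin (where the browser and target allow cross-origin XHR) would disclose the session's CSRF token to that host. Consider setting the header only when `request.url` is relative or resolves to the page's own scheme, host and port, and add a comment saying the token must never leave the origin. Separately, `request.options.requestHeaders[header] = token;` assumes a plain object, but Prototype also accepts an array of name/value pairs, where a named property would presumably be skipped and the token silently dropped. Something like `if (Object.isArray(h)) h.push(header, token); else h[header] = token;`, with `h` standing for `request.options.requestHeaders`, would cover both forms. The enclosing function wrapper starts outside the hunk.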