author | Étienne Loks <etienne.loks@peacefrogs.net> | 2011-02-15 01:14:17 +0100 |
---|---|---|
committer | Étienne Loks <etienne.loks@peacefrogs.net> | 2011-02-15 01:14:17 +0100 |
commit | e3501ee756de6819a285b87871294751c6bb4cf1 (patch) | |
tree | 33f5cae9d1e08307cc58667173301861f980baf9 /static | |
parent | 839196bce60228643012ff4c8ce2346d8d708ded (diff) | |
download | Ishtar-e3501ee756de6819a285b87871294751c6bb4cf1.tar.bz2 Ishtar-e3501ee756de6819a285b87871294751c6bb4cf1.zip |
Manage CRSF token in Ajax request (closes #217)
Diffstat (limited to 'static')
-rw-r--r-- | static/js/ishtar.js | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/static/js/ishtar.js b/static/js/ishtar.js
index c1aa2f569..174e56f0b 100644
--- a/static/js/ishtar.js
+++ b/static/js/ishtar.js
@@ -1,3 +1,29 @@
+
+/* CSRFToken management */
+$.ajaxSetup({
+beforeSend: function(xhr, settings) {
+ function getCookie(name) {
+ var cookieValue = null;
+ if (document.cookie && document.cookie != '') {
+ var cookies = document.cookie.split(';');
+ for (var i = 0; i < cookies.length; i++) {
+ var cookie = jQuery.trim(cookies[i]);
+ // Does this cookie string begin with the name we want?
+ if (cookie.substring(0, name.length + 1) == (name + '=')) {
+ cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
+ break;
+ }
+ }
+ }
+ return cookieValue;
+ }
+ if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
+ // Only send the token to relative URLs i.e. locally.
+ xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
+ }
+}});
+
+
 $(document).ready(function(){
 $("#main_menu ul ul").hide();
 $("#main_menu ul ul .selected").parent().show(); |
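Review bot: The URL test guarding `xhr.setRequestHeader` treats every URL that does not start with lower-case `http:` or `https:` as local, so a protocol-relative URL (`//other.example/path`, a constructed example) or an upper-case scheme would still receive the `X-CSRFToken` header, disclosing the token to another origin. A tighter guard is `if (!/^(https?:)?\/\//i.test(settings.url)) {`, or `if (!settings.crossDomain) {` if the bundled jQuery version sets that flag. `getCookie` also returns null when the `csrftoken` cookie is absent, so the header should be skipped in that case instead of being set from a null value. Requests without the header are presumably still rejected by the server-side CSRF check, which remains the real control; this is only about not leaking the token.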