From e3501ee756de6819a285b87871294751c6bb4cf1 Mon Sep 17 00:00:00 2001
From: Étienne Loks <etienne.loks@peacefrogs.net>
Date: Tue, 15 Feb 2011 01:14:17 +0100
Subject: Manage CRSF token in Ajax request (closes #217)

---
 static/js/ishtar.js | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

(limited to 'static')

diff --git a/static/js/ishtar.js b/static/js/ishtar.js
index c1aa2f569..174e56f0b 100644
--- a/static/js/ishtar.js
+++ b/static/js/ishtar.js
@@ -1,3 +1,29 @@
+
+/* CSRFToken management */
+$.ajaxSetup({
+beforeSend: function(xhr, settings) {
+    function getCookie(name) {
+        var cookieValue = null;
+        if (document.cookie && document.cookie != '') {
+            var cookies = document.cookie.split(';');
+            for (var i = 0; i < cookies.length; i++) {
+                var cookie = jQuery.trim(cookies[i]);
+                // Does this cookie string begin with the name we want?
+                if (cookie.substring(0, name.length + 1) == (name + '=')) {
+                    cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
+                    break;
+                }
+            }
+        }
+        return cookieValue;
+    }
+    if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
+        // Only send the token to relative URLs i.e. locally.
+        xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
+    }
+}});
+
+
 $(document).ready(function(){
     $("#main_menu ul ul").hide();
     $("#main_menu ul ul .selected").parent().show();
-- 
cgit v1.2.3