diff gpp/shoutbox/static/js/shoutbox.js @ 322:c3d3d7114749

Fix #148; Django now requires AJAX posts to present the CSRF token. Added code suggested by Django docs to shoutbox.js. Since shoutbox.js is on every page, it should cover all cases.
author Brian Neal <bgneal@gmail.com>
date Sat, 12 Feb 2011 21:37:17 +0000
parents 88b2b9cb8c1f
children 85d7b62d5c17
--- a/gpp/shoutbox/static/js/shoutbox.js	Wed Feb 09 01:28:36 2011 +0000
+++ b/gpp/shoutbox/static/js/shoutbox.js	Sat Feb 12 21:37:17 2011 +0000
@@ -1,4 +1,27 @@
 $(document).ready(function() {
+   $.ajaxSetup({
+       beforeSend: function(xhr, settings) {
+           function getCookie(name) {
+               var cookieValue = null;
+               if (document.cookie && document.cookie != '') {
+                   var cookies = document.cookie.split(';');
+                   for (var i = 0; i < cookies.length; i++) {
+                       var cookie = jQuery.trim(cookies[i]);
+                       // Does this cookie string begin with the name we want?
+                       if (cookie.substring(0, name.length + 1) == (name + '=')) {
+                           cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
+                           break;
+                       }
+                   }
+               }
+               return cookieValue;
+           }
+           if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
+               // Only send the token to relative URLs i.e. locally.
+               xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
+           }
+       }
+   });
 
    var numShouts = $('#shoutbox-shout-container > p').size(); 
    var sbBox = $('#shoutbox-shout-container');
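Review bot: The scheme test guarding `xhr.setRequestHeader("X-CSRFToken", ...)` only rejects URLs that start with lower-case `http:` or `https:`, so a protocol-relative URL (`//host/path`) or an upper-case `HTTP://` is treated as local and the CSRF token header would be attached to a request addressed to another host. Because this `beforeSend` is installed globally through `$.ajaxSetup`, it is worth tightening the condition to `if (!/^(https?:)?\/\//i.test(settings.url)) {`. Separately, `getCookie` returns null when the `csrftoken` cookie is absent and the header is still set; reading the token first and guarding with `if (token) xhr.setRequestHeader("X-CSRFToken", token);` avoids sending a meaningless value. Note also that any call passing its own `beforeSend` replaces this default, so the "covers all cases" assumption in the commit message holds only for calls that do not override it. The enclosing `$(document).ready` callback continues past the end of the hunk.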