Mercurial > public > sg101
diff gpp/shoutbox/static/js/shoutbox.js @ 322:c3d3d7114749
Fix #148; Django now requires AJAX posts to present the CSRF token. Added code suggested by Django docs to shoutbox.js. Since shoutbox.js is on every page, it should cover all cases.
author | Brian Neal <bgneal@gmail.com> |
---|---|
date | Sat, 12 Feb 2011 21:37:17 +0000 |
parents | 88b2b9cb8c1f |
children | 85d7b62d5c17 |
line wrap: on
line diff
--- a/gpp/shoutbox/static/js/shoutbox.js Wed Feb 09 01:28:36 2011 +0000 +++ b/gpp/shoutbox/static/js/shoutbox.js Sat Feb 12 21:37:17 2011 +0000 @@ -1,4 +1,27 @@ $(document).ready(function() { + $.ajaxSetup({ + beforeSend: function(xhr, settings) { + function getCookie(name) { + var cookieValue = null; + if (document.cookie && document.cookie != '') { + var cookies = document.cookie.split(';'); + for (var i = 0; i < cookies.length; i++) { + var cookie = jQuery.trim(cookies[i]); + // Does this cookie string begin with the name we want? + if (cookie.substring(0, name.length + 1) == (name + '=')) { + cookieValue = decodeURIComponent(cookie.substring(name.length + 1)); + break; + } + } + } + return cookieValue; + } + if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) { + // Only send the token to relative URLs i.e. locally. + xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken')); + } + } + }); var numShouts = $('#shoutbox-shout-container > p').size(); var sbBox = $('#shoutbox-shout-container');