# HG changeset patch
# User Brian Neal <bgneal@gmail.com>
# Date 1297546637 0
# Node ID c3d3d7114749872e1acd689f5156c910668d4648
# Parent  28de6caa4e6dd7b91159958164e30d2a3e5d4e9b
Fix #148; Django now requires AJAX posts to present the CSRF token. Added code suggested by Django docs to shoutbox.js. Since shoutbox.js is on every page, it should cover all cases.

diff -r 28de6caa4e6d -r c3d3d7114749 gpp/shoutbox/static/js/shoutbox.js
--- a/gpp/shoutbox/static/js/shoutbox.js	Wed Feb 09 01:28:36 2011 +0000
+++ b/gpp/shoutbox/static/js/shoutbox.js	Sat Feb 12 21:37:17 2011 +0000
@@ -1,4 +1,27 @@
 $(document).ready(function() {
+   $.ajaxSetup({
+       beforeSend: function(xhr, settings) {
+           function getCookie(name) {
+               var cookieValue = null;
+               if (document.cookie && document.cookie != '') {
+                   var cookies = document.cookie.split(';');
+                   for (var i = 0; i < cookies.length; i++) {
+                       var cookie = jQuery.trim(cookies[i]);
+                       // Does this cookie string begin with the name we want?
+                       if (cookie.substring(0, name.length + 1) == (name + '=')) {
+                           cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
+                           break;
+                       }
+                   }
+               }
+               return cookieValue;
+           }
+           if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
+               // Only send the token to relative URLs i.e. locally.
+               xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
+           }
+       }
+   });
 
    var numShouts = $('#shoutbox-shout-container > p').size(); 
    var sbBox = $('#shoutbox-shout-container');