changeset 322:c3d3d7114749

Fix #148; Django now requires AJAX posts to present the CSRF token. Added code suggested by Django docs to shoutbox.js. Since shoutbox.js is on every page, it should cover all cases.
author Brian Neal <bgneal@gmail.com>
date Sat, 12 Feb 2011 21:37:17 +0000
parents 28de6caa4e6d
children 0c18dfb1da1c
files gpp/shoutbox/static/js/shoutbox.js
diffstat 1 files changed, 23 insertions(+), 0 deletions(-) [+]
--- a/gpp/shoutbox/static/js/shoutbox.js	Wed Feb 09 01:28:36 2011 +0000
+++ b/gpp/shoutbox/static/js/shoutbox.js	Sat Feb 12 21:37:17 2011 +0000
@@ -1,4 +1,27 @@
 $(document).ready(function() {
+   $.ajaxSetup({
+       beforeSend: function(xhr, settings) {
+           function getCookie(name) {
+               var cookieValue = null;
+               if (document.cookie && document.cookie != '') {
+                   var cookies = document.cookie.split(';');
+                   for (var i = 0; i < cookies.length; i++) {
+                       var cookie = jQuery.trim(cookies[i]);
+                       // Does this cookie string begin with the name we want?
+                       if (cookie.substring(0, name.length + 1) == (name + '=')) {
+                           cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
+                           break;
+                       }
+                   }
+               }
+               return cookieValue;
+           }
+           if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
+               // Only send the token to relative URLs i.e. locally.
+               xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
+           }
+       }
+   });
 
    var numShouts = $('#shoutbox-shout-container > p').size(); 
    var sbBox = $('#shoutbox-shout-container');
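Review bot: The URL test in `beforeSend` treats anything that does not start with lower-case `http:` or `https:` as local, so a protocol-relative URL such as `//other.example/path` (constructed example) or an upper-case scheme still gets the `X-CSRFToken` header, and the token would be sent to another origin. Because `$.ajaxSetup` applies this hook to every jQuery request on the page, I would tighten the guard to `if (!/^(https?:|\/\/)/i.test(settings.url)) {`. Separately, `getCookie('csrftoken')` returns null when the cookie is absent, so the header should only be set when a value was actually found. The `$(document).ready` callback continues past the end of this hunk.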