// Boilerplate for handling CSRF, from Django's website
/*global document*/
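/**
 * Read a cookie value by name from document.cookie.
 *
 * The lookup is an exact prefix match on "name=", so asking for "csrftoken"
 * does not match a cookie called "csrftoken2"; the first entry in
 * document.cookie order that matches wins.
 *
 * @param {string} name - cookie name, compared verbatim (not URL-decoded)
 * @returns {string|null} the URL-decoded value, or null when no such cookie
 *   exists or document.cookie is empty
 * @throws {URIError} if the stored value is not valid percent-encoding
 *   (decodeURIComponent rejects it)
 */
function getCookie(name) {
  "use strict";
  var prefix = name + "=";
  var cookies;
  var cookie;
  var i;
  if (!document.cookie) {
    return null;
  }
  cookies = document.cookie.split(";");
  for (i = 0; i < cookies.length; i += 1) {
    // document.cookie separates entries with "; ", so strip the padding.
    // The native trim replaces jQuery.trim (deprecated since jQuery 3.5);
    // split() only ever yields strings, so no null handling is needed.
    cookie = cookies[i].trim();
    if (cookie.substring(0, prefix.length) === prefix) {
      return decodeURIComponent(cookie.substring(prefix.length));
    }
  }
  return null;
}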
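/**
 * Write a cookie via document.cookie.
 *
 * Only name, value and (when days is numeric) an expires attribute are
 * written: the cookie takes the browser's default path and carries no
 * Secure or SameSite attribute — add those here before storing anything
 * sensitive with this helper. The value is stored verbatim, so it must not
 * contain ";" (that starts a new attribute); note that getCookie runs
 * decodeURIComponent on read, so any "%xx" sequences in the value are
 * decoded when read back.
 *
 * @param {string} name - cookie name
 * @param {string|number} value - cookie value, written without encoding
 * @param {number} [days] - lifetime in days from now; negative values expire
 *   the cookie immediately. When omitted or not a finite number, no expires
 *   attribute is written, so the browser stores a session cookie (the
 *   previous code emitted "expires=Invalid Date" in that case, relying on
 *   the browser to ignore it).
 */
function setCookie(name, value, days) {
  "use strict";
  var lifetime = days * 24 * 60 * 60 * 1000;
  var cookie = name + "=" + value;
  var expires;
  // Numeric strings still coerce through the multiplication above, so only
  // undefined/NaN/Infinity lifetimes fall through to a session cookie.
  if (isFinite(lifetime)) {
    expires = new Date(Date.now() + lifetime);
    cookie += ";expires=" + expires.toUTCString();
  }
  document.cookie = cookie;
}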
/**
 * Remove a cookie by overwriting it with an expiry one day in the past.
 *
 * Goes through setCookie, which writes no path attribute, so this only
 * clears a cookie stored under the same default path — presumably a cookie
 * set elsewhere with an explicit path is untouched; verify if that matters.
 *
 * @param {string} name - name of the cookie to delete
 */
function deleteCookie(name) {
  var expiredDaysAgo = -1;
  setCookie(name, 0, expiredDaysAgo);
}
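// frame-busting code: when this document is loaded inside a frame, point the
// parent window at this document's URL so the page is not shown framed.
// Location objects are compared by identity, so this is effectively an
// "am I the parent window?" test rather than a URL comparison.
// Script-based frame busting runs only after the page is already framed and
// can be suppressed by the framing page, so treat it as defence in depth:
// clickjacking protection should come from an X-Frame-Options or CSP
// frame-ancestors response header (Django's XFrameOptionsMiddleware sets the
// former).
if (parent.location !== self.location) {
  parent.location = self.location;
}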
/**
 * Report whether an HTTP method may be sent without the CSRF token.
 *
 * Exactly GET, HEAD, OPTIONS and TRACE in upper case are exempt — the
 * methods Django's CSRF check does not protect, which is only safe as long
 * as server-side views never change state on them. Any other spelling,
 * including lower case, counts as unsafe and gets the token (over-sending
 * is harmless; under-sending would make the request fail the CSRF check).
 *
 * @param {string} method - HTTP method as jQuery passes it in settings.type
 * @returns {boolean} true when the X-CSRFToken header can be omitted
 */
function csrfSafeMethod(method) {
  "use strict";
  var exempt = ["GET", "HEAD", "OPTIONS", "TRACE"];
  return exempt.indexOf(String(method)) !== -1;
}
// Read the token once, at script load, and keep it for the page's lifetime:
// if the cookie changes later (e.g. after a login rotates it) the header
// below keeps sending the old value until the page reloads. Nothing in this
// file writes the cookie; presumably the server sets it. When the cookie is
// absent this is null and setRequestHeader will send the string "null".
var csrftoken = getCookie("csrftoken");
// Once the DOM is ready, attach the token to every state-changing jQuery
// AJAX request so Django's CSRF check accepts it.
$(function () {
  "use strict";
  $.ajaxSetup({
    // Setting crossDomain explicitly skips jQuery's own same-origin
    // detection (the "sameOrigin test" this replaces), and beforeSend below
    // checks only the method, so the token header is added to every
    // non-safe request made through $.ajax, whatever its destination.
    // Keep all $.ajax calls same-origin, or gate on this.crossDomain here —
    // verify against the jQuery version in use.
    crossDomain: false,
    beforeSend: function (xhr, settings) {
      if (csrfSafeMethod(settings.type)) {
        return;
      }
      xhr.setRequestHeader("X-CSRFToken", csrftoken);
    }
  });
});