1 files changed, 59 insertions, 0 deletions

diff --git a/tbc/static/js/jquery.postcsrf.js b/tbc/static/js/jquery.postcsrf.js
new file mode 100644
index 0000000..911626a
--- /dev/null
+++ b/tbc/static/js/jquery.postcsrf.js
@@ -0,0 +1,59 @@
+/**
+ * Wrapper for jQuery's $.post() that retrieves the CSRF token from the browser
+ * cookie and sets then sets "X-CSRFToken" header in one fell swoop.
+ *
+ * Based on the example code given at the Django docs:
+ * https://docs.djangoproject.com/en/1.9/ref/csrf/#ajax
+ *
+ * Use as you would $.post().
+ */
+
+(function($) {
+
+  $.postCSRF = function(url, data, callback, type) {
+
+    function csrfSafeMethod(method) {
+      // these HTTP methods do not require CSRF protection
+      return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
+    }
+
+    function getCookie(name) {
+      var cookieValue = null;
+      if (document.cookie && document.cookie !== '') {
+        var cookies = document.cookie.split(';');
+        for (var i = 0; i < cookies.length; i++) {
+          var cookie = jQuery.trim(cookies[i]);
+          // Does this cookie string begin with the name we want?
+          if (cookie.substring(0, name.length + 1) == (name + '=')) {
+            cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
+            break;
+          }
+        }
+      }
+      return cookieValue;
+    }
+
+    var csrftoken = getCookie('csrftoken');
+
+    // shift arguments if data argument was omitted
+    if ($.isFunction(data)) {
+      type = type || callback;
+      callback = data;
+      data = undefined;
+    }
+
+    return $.ajax(jQuery.extend({
+      url: url,
+      type: "POST",
+      dataType: type,
+      data: data,
+      success: callback,
+      beforeSend: function(xhr, settings) {
+        if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
+          xhr.setRequestHeader("X-CSRFToken", csrftoken);
+        }
+      }
+    }, jQuery.isPlainObject(url) && url));
+  };
+
+}(jQuery));