summaryrefslogtreecommitdiff
path: root/tbc/static/js
diff options
context:
space:
mode:
Diffstat (limited to 'tbc/static/js')
-rw-r--r--tbc/static/js/hitcount-jquery.js60
-rw-r--r--tbc/static/js/jquery.postcsrf.js59
2 files changed, 119 insertions, 0 deletions
diff --git a/tbc/static/js/hitcount-jquery.js b/tbc/static/js/hitcount-jquery.js
new file mode 100644
index 0000000..e7106b3
--- /dev/null
+++ b/tbc/static/js/hitcount-jquery.js
@@ -0,0 +1,60 @@
+$(document).ready(function() {
+ /**
+ * https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax
+ *
+ * Remember you will need to ensure csrf tokens by adding:
+ * @ensure_csrf_cookie to your views that require this javascript
+ *
+ * Also, you will probably want to include this with your other sitewide
+ * javascript files ... this is just an example.
+ */
+
+ if ( typeof hitcountJS === 'undefined' ) {
+ // since this is loaded on every page only do something
+ // if a hit is going to be counted
+ return;
+ }
+
+ var hitcountPK = hitcountJS['hitcountPK'];
+ var hitcountURL = hitcountJS['hitcountURL'];
+ var csrftoken = getCookie('csrftoken');
+
+ $.ajaxSetup({
+ beforeSend: function(xhr, settings) {
+ if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
+ xhr.setRequestHeader("X-CSRFToken", csrftoken);
+ }
+ }
+ });
+
+ $.post( hitcountURL, { "hitcountPK" : hitcountPK },
+ function(data, status) {
+
+ console.log(data); // just so you can see the response
+
+ if (data.status == 'error') {
+ // do something for error?
+ }
+ }, 'json');
+});
+
+function getCookie(name) {
+ var cookieValue = null;
+ if (document.cookie && document.cookie != '') {
+ var cookies = document.cookie.split(';');
+ for (var i = 0; i < cookies.length; i++) {
+ var cookie = jQuery.trim(cookies[i]);
+ // Does this cookie string begin with the name we want?
+ if (cookie.substring(0, name.length + 1) == (name + '=')) {
+ cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
+ break;
+ }
+ }
+ }
+ return cookieValue;
+}
+
+function csrfSafeMethod(method) {
+ // these HTTP methods do not require CSRF protection
+ return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
+}
diff --git a/tbc/static/js/jquery.postcsrf.js b/tbc/static/js/jquery.postcsrf.js
new file mode 100644
index 0000000..911626a
--- /dev/null
+++ b/tbc/static/js/jquery.postcsrf.js
@@ -0,0 +1,59 @@
+/**
+ * Wrapper for jQuery's $.post() that retrieves the CSRF token from the browser
+ * cookie and sets then sets "X-CSRFToken" header in one fell swoop.
+ *
+ * Based on the example code given at the Django docs:
+ * https://docs.djangoproject.com/en/1.9/ref/csrf/#ajax
+ *
+ * Use as you would $.post().
+ */
+
+(function($) {
+
+ $.postCSRF = function(url, data, callback, type) {
+
+ function csrfSafeMethod(method) {
+ // these HTTP methods do not require CSRF protection
+ return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
+ }
+
+ function getCookie(name) {
+ var cookieValue = null;
+ if (document.cookie && document.cookie !== '') {
+ var cookies = document.cookie.split(';');
+ for (var i = 0; i < cookies.length; i++) {
+ var cookie = jQuery.trim(cookies[i]);
+ // Does this cookie string begin with the name we want?
+ if (cookie.substring(0, name.length + 1) == (name + '=')) {
+ cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
+ break;
+ }
+ }
+ }
+ return cookieValue;
+ }
+
+ var csrftoken = getCookie('csrftoken');
+
+ // shift arguments if data argument was omitted
+ if ($.isFunction(data)) {
+ type = type || callback;
+ callback = data;
+ data = undefined;
+ }
+
+ return $.ajax(jQuery.extend({
+ url: url,
+ type: "POST",
+ dataType: type,
+ data: data,
+ success: callback,
+ beforeSend: function(xhr, settings) {
+ if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
+ xhr.setRequestHeader("X-CSRFToken", csrftoken);
+ }
+ }
+ }, jQuery.isPlainObject(url) && url));
+ };
+
+}(jQuery));