diff options
Diffstat (limited to 'tbc/static')
| -rw-r--r-- | tbc/static/js/hitcount-jquery.js | 60 | ||||
| -rw-r--r-- | tbc/static/js/jquery.postcsrf.js | 59 |
2 files changed, 119 insertions, 0 deletions
diff --git a/tbc/static/js/hitcount-jquery.js b/tbc/static/js/hitcount-jquery.js new file mode 100644 index 0000000..e7106b3 --- /dev/null +++ b/tbc/static/js/hitcount-jquery.js @@ -0,0 +1,60 @@ +$(document).ready(function() { + /** + * https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax + * + * Remember you will need to ensure csrf tokens by adding: + * @ensure_csrf_cookie to your views that require this javascript + * + * Also, you will probably want to include this with your other sitewide + * javascript files ... this is just an example. + */ + + if ( typeof hitcountJS === 'undefined' ) { + // since this is loaded on every page only do something + // if a hit is going to be counted + return; + } + + var hitcountPK = hitcountJS['hitcountPK']; + var hitcountURL = hitcountJS['hitcountURL']; + var csrftoken = getCookie('csrftoken'); + + $.ajaxSetup({ + beforeSend: function(xhr, settings) { + if (!csrfSafeMethod(settings.type) && !this.crossDomain) { + xhr.setRequestHeader("X-CSRFToken", csrftoken); + } + } + }); + + $.post( hitcountURL, { "hitcountPK" : hitcountPK }, + function(data, status) { + + console.log(data); // just so you can see the response + + if (data.status == 'error') { + // do something for error? + } + }, 'json'); +}); + +function getCookie(name) { + var cookieValue = null; + if (document.cookie && document.cookie != '') { + var cookies = document.cookie.split(';'); + for (var i = 0; i < cookies.length; i++) { + var cookie = jQuery.trim(cookies[i]); + // Does this cookie string begin with the name we want? + if (cookie.substring(0, name.length + 1) == (name + '=')) { + cookieValue = decodeURIComponent(cookie.substring(name.length + 1)); + break; + } + } + } + return cookieValue; +} + +function csrfSafeMethod(method) { + // these HTTP methods do not require CSRF protection + return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method)); +} diff --git a/tbc/static/js/jquery.postcsrf.js b/tbc/static/js/jquery.postcsrf.js new file mode 100644 index 0000000..911626a --- /dev/null +++ b/tbc/static/js/jquery.postcsrf.js @@ -0,0 +1,59 @@ +/** + * Wrapper for jQuery's $.post() that retrieves the CSRF token from the browser + * cookie and sets then sets "X-CSRFToken" header in one fell swoop. + * + * Based on the example code given at the Django docs: + * https://docs.djangoproject.com/en/1.9/ref/csrf/#ajax + * + * Use as you would $.post(). + */ + +(function($) { + + $.postCSRF = function(url, data, callback, type) { + + function csrfSafeMethod(method) { + // these HTTP methods do not require CSRF protection + return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method)); + } + + function getCookie(name) { + var cookieValue = null; + if (document.cookie && document.cookie !== '') { + var cookies = document.cookie.split(';'); + for (var i = 0; i < cookies.length; i++) { + var cookie = jQuery.trim(cookies[i]); + // Does this cookie string begin with the name we want? + if (cookie.substring(0, name.length + 1) == (name + '=')) { + cookieValue = decodeURIComponent(cookie.substring(name.length + 1)); + break; + } + } + } + return cookieValue; + } + + var csrftoken = getCookie('csrftoken'); + + // shift arguments if data argument was omitted + if ($.isFunction(data)) { + type = type || callback; + callback = data; + data = undefined; + } + + return $.ajax(jQuery.extend({ + url: url, + type: "POST", + dataType: type, + data: data, + success: callback, + beforeSend: function(xhr, settings) { + if (!csrfSafeMethod(settings.type) && !this.crossDomain) { + xhr.setRequestHeader("X-CSRFToken", csrftoken); + } + } + }, jQuery.isPlainObject(url) && url)); + }; + +}(jQuery)); |