blob: 911626a6849fde834adc75d3a59ee8f07cfb5a34 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
/**
* Wrapper for jQuery's $.post() that retrieves the CSRF token from the browser
* cookie and sets then sets "X-CSRFToken" header in one fell swoop.
*
* Based on the example code given at the Django docs:
* https://docs.djangoproject.com/en/1.9/ref/csrf/#ajax
*
* Use as you would $.post().
*/
(function($) {
$.postCSRF = function(url, data, callback, type) {
function csrfSafeMethod(method) {
// these HTTP methods do not require CSRF protection
return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
}
function getCookie(name) {
var cookieValue = null;
if (document.cookie && document.cookie !== '') {
var cookies = document.cookie.split(';');
for (var i = 0; i < cookies.length; i++) {
var cookie = jQuery.trim(cookies[i]);
// Does this cookie string begin with the name we want?
if (cookie.substring(0, name.length + 1) == (name + '=')) {
cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
break;
}
}
}
return cookieValue;
}
var csrftoken = getCookie('csrftoken');
// shift arguments if data argument was omitted
if ($.isFunction(data)) {
type = type || callback;
callback = data;
data = undefined;
}
return $.ajax(jQuery.extend({
url: url,
type: "POST",
dataType: type,
data: data,
success: callback,
beforeSend: function(xhr, settings) {
if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
xhr.setRequestHeader("X-CSRFToken", csrftoken);
}
}
}, jQuery.isPlainObject(url) && url));
};
}(jQuery));
|
