Fixed #15284 - improved example jQuery code for adding X-CSRF-Token
Using the ajaxSend event is better than beforeSend, because the beforeSend callback can have only one value, which makes it painful if it is needed by multiple bits of javascript. Thanks to LukeMaurer for report and initial patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@15515 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
ee06020240
commit
d068a04244
|
@ -90,31 +90,29 @@ every POST request. For this reason, there is an alternative method: on each
|
||||||
XMLHttpRequest, set a custom `X-CSRFToken` header to the value of the CSRF
|
XMLHttpRequest, set a custom `X-CSRFToken` header to the value of the CSRF
|
||||||
token. This is often easier, because many javascript frameworks provide hooks
|
token. This is often easier, because many javascript frameworks provide hooks
|
||||||
that allow headers to be set on every request. In jQuery, you can use the
|
that allow headers to be set on every request. In jQuery, you can use the
|
||||||
``beforeSend`` hook as follows:
|
``ajaxSend`` event as follows:
|
||||||
|
|
||||||
.. code-block:: javascript
|
.. code-block:: javascript
|
||||||
|
|
||||||
$.ajaxSetup({
|
$('html').ajaxSend(function(event, xhr, settings) {
|
||||||
beforeSend: function(xhr, settings) {
|
function getCookie(name) {
|
||||||
function getCookie(name) {
|
var cookieValue = null;
|
||||||
var cookieValue = null;
|
if (document.cookie && document.cookie != '') {
|
||||||
if (document.cookie && document.cookie != '') {
|
var cookies = document.cookie.split(';');
|
||||||
var cookies = document.cookie.split(';');
|
for (var i = 0; i < cookies.length; i++) {
|
||||||
for (var i = 0; i < cookies.length; i++) {
|
var cookie = jQuery.trim(cookies[i]);
|
||||||
var cookie = jQuery.trim(cookies[i]);
|
// Does this cookie string begin with the name we want?
|
||||||
// Does this cookie string begin with the name we want?
|
if (cookie.substring(0, name.length + 1) == (name + '=')) {
|
||||||
if (cookie.substring(0, name.length + 1) == (name + '=')) {
|
cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
|
||||||
cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
|
break;
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return cookieValue;
|
|
||||||
}
|
|
||||||
if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
|
|
||||||
// Only send the token to relative URLs i.e. locally.
|
|
||||||
xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
|
|
||||||
}
|
}
|
||||||
|
return cookieValue;
|
||||||
|
}
|
||||||
|
if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
|
||||||
|
// Only send the token to relative URLs i.e. locally.
|
||||||
|
xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue