Diffstat (limited to 'gitrefinery/static/js/ajax.js')
-rw-r--r-- | gitrefinery/static/js/ajax.js | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/gitrefinery/static/js/ajax.js b/gitrefinery/static/js/ajax.js
new file mode 100644
index 0000000..144a4a5
--- /dev/null
+++ b/gitrefinery/static/js/ajax.js
@@ -0,0 +1,19 @@
+/* git-refinery-web - ajax helper code
+ * Based on examples from the CSRF page in the Django manual
+ */
+
+var csrftoken = Cookies.get('csrftoken');
+
+function csrfSafeMethod(method) {
+ // these HTTP methods do not require CSRF protection
+ return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
+}
+$.ajaxSetup({
+ crossDomain: false, // obviates need for sameOrigin test
+ beforeSend: function(xhr, settings) {
+ if (!csrfSafeMethod(settings.type)) {
+ xhr.setRequestHeader("X-CSRFToken", csrftoken);
+ }
+ }
+});
+
|
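Review bot: The `beforeSend` hook attaches `X-CSRFToken` to every non-safe request whatever its destination, and the global `crossDomain: false` default in `$.ajaxSetup` makes that worse. As far as I know, jQuery only runs its own cross-origin detection when `crossDomain` is unset, so a POST issued through `$.ajax` to another origin would be treated as same-origin and carry the token to that host. I would drop the `crossDomain: false` line and guard on the per-request value instead: `if (!csrfSafeMethod(settings.type) && !this.crossDomain) {`. Separately, `csrftoken` is read once at script load, so a token rotated later (for example at login) leaves the header stale until the page reloads; calling `Cookies.get('csrftoken')` inside `beforeSend` avoids that.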