Created
December 9, 2014 19:34
-
-
Save bengolder/aa9033efc8959dc38e5d to your computer and use it in GitHub Desktop.
Django REST Framework and CSRF protection for ajax posts.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var jQuery = window.$; | |
| // using jQuery | |
| function getCookie(name) { | |
| var cookieValue = null; | |
| if (document.cookie && document.cookie != '') { | |
| var cookies = document.cookie.split(';'); | |
| for (var i = 0; i < cookies.length; i++) { | |
| var cookie = jQuery.trim(cookies[i]); | |
| // Does this cookie string begin with the name we want? | |
| if (cookie.substring(0, name.length + 1) == (name + '=')) { | |
| cookieValue = decodeURIComponent(cookie.substring(name.length + 1)); | |
| break; | |
| } | |
| } | |
| } | |
| return cookieValue; | |
| } | |
| function csrfSafeMethod(method) { | |
| // these HTTP methods do not require CSRF protection | |
| return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method)); | |
| } | |
| var csrftoken = getCookie('csrftoken'); | |
| $.ajaxSetup({ | |
| beforeSend: function(xhr, settings) { | |
| if (!csrfSafeMethod(settings.type) && !this.crossDomain) { | |
| xhr.setRequestHeader("X-CSRFToken", csrftoken); | |
| } | |
| } | |
| }); | |
| module.exports = csrftoken; | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| REST_FRAMEWORK = { | |
| 'DEFAULT_AUTHENTICATION_CLASSES': ( | |
| 'rest_framework.authentication.SessionAuthentication', | |
| ), | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thanks, this settings part I've been missing.