Created
July 27, 2013 02:55
-
-
Save dpnova/6093477 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
(function(foo, $, undefined) { | |
foo.csrf= { | |
csrftoken: $.cookie('csrftoken'), | |
csrfSafeMethod: function(method) { | |
// these HTTP methods do not require CSRF protection | |
return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method)); | |
}, | |
sameOrigin: function(url) { | |
// test that a given url is a same-origin URL | |
// url could be relative or scheme relative or absolute | |
var host = document.location.host; // host + port | |
var protocol = document.location.protocol; | |
var sr_origin = '//' + host; | |
var origin = protocol + sr_origin; | |
// Allow absolute or scheme relative URLs to same origin | |
return (url == origin || url.slice(0, origin.length + 1) == origin + '/') || | |
(url == sr_origin || url.slice(0, sr_origin.length + 1) == sr_origin + '/') || | |
// or any other URL that isn't scheme relative or absolute i.e relative. | |
!(/^(\/\/|http:|https:).*/.test(url)); | |
} | |
}; | |
}(window.foo = window.foo || {}, jQuery)); | |
$(function(){ | |
$.ajaxSetup({ | |
beforeSend: function(xhr, settings) { | |
if (!foo.csrf.csrfSafeMethod(settings.type) && foo.csrf.sameOrigin(settings.url)) { | |
// Send the token to same-origin, relative URLs only. | |
// Send the token only if the method warrants CSRF protection | |
// Using the CSRFToken value acquired earlier | |
xhr.setRequestHeader("X-CSRFToken", foo.csrf.csrftoken); | |
} | |
} | |
}); | |
}); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment