Instantly share code, notes, and snippets.

Embed
What would you like to do?
This is what I did to insert the CSRF token in backbone requests. This works with django.
var oldSync = Backbone.sync;
Backbone.sync = function(method, model, options){
options.beforeSend = function(xhr){
xhr.setRequestHeader('X-CSRFToken', CSRF_TOKEN);
};
return oldSync(method, model, options);
};
@jbraithwaite

This comment has been minimized.

jbraithwaite commented Nov 25, 2012

Awesome, thank you.

@justinperkins

This comment has been minimized.

justinperkins commented Jan 4, 2013

More of a fan of a global, non-backbone specific approach: https://gist.github.com/3960219

@ddpunk

This comment has been minimized.

ddpunk commented Feb 27, 2014

Here is the sollution I used with suggestions from here: http://backbonetutorials.com/cross-domain-sessions/

$.ajaxPrefilter(function(options, originalOptions, jqXHR) {
  var token;
  options.xhrFields = {
    withCredentials: true
  };
  token = $('meta[name="csrf-token"]').attr('content');
  if (token) {
    return jqXHR.setRequestHeader('X-CSRF-Token', token);
  }
});
@cmdelatorre

This comment has been minimized.

cmdelatorre commented Aug 25, 2015

My version here (updated to 2015): https://gist.github.com/cmdelatorre/8cd3de8b2006abfa48a8

oldSync = Backbone.sync
Backbone.sync = (method, model, options) ->

    csrfSafeMethod = (method) ->
        # these HTTP methods do not require CSRF protection
        /^(GET|HEAD|OPTIONS|TRACE)$/.test method

    options.beforeSend = (xhr, settings) ->
        if !csrfSafeMethod(settings.type) and !@crossDomain
            xhr.setRequestHeader 'X-CSRFToken', $.cookie('csrftoken')
        return
    oldSync method, model, options
@gfcarbonell

This comment has been minimized.

gfcarbonell commented Jul 11, 2016

example?

@Mihai925

This comment has been minimized.

Mihai925 commented Mar 26, 2017

Thanks! Finally something that works!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment