This is what I did to insert the CSRF token into Backbone requests. It works with Django.
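var oldSync = Backbone.sync;

/**
 * Wraps Backbone.sync so same-origin requests carry the CSRF token in the
 * X-CSRFToken header.
 *
 * @param {string} method - Backbone CRUD verb, passed through to the original sync.
 * @param {Object} model - Model or collection being synced.
 * @param {Object} [options] - Ajax options; a caller-supplied beforeSend is kept and still runs.
 * @returns {*} Whatever the original Backbone.sync returns.
 */
Backbone.sync = function(method, model, options){
  // Backbone.sync can be called directly without options.
  options = options || {};

  // Keep the caller's hook instead of silently replacing it.
  var callerBeforeSend = options.beforeSend;

  options.beforeSend = function(xhr, settings){
    // The token is a secret for this origin only; attaching it to a
    // cross-origin request would disclose it to that other host.
    if (!(settings && settings.crossDomain)) {
      xhr.setRequestHeader('X-CSRFToken', CSRF_TOKEN);
    }
    if (typeof callerBeforeSend === 'function') {
      // Pass the result through: jQuery cancels the request when beforeSend returns false.
      return callerBeforeSend.apply(this, arguments);
    }
  };

  return oldSync.call(this, method, model, options);
};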

jbraithwaite Nov 25, 2012

Awesome, thank you.

Awesome, thank you.


justinperkins Jan 4, 2013

More of a fan of a global, non-backbone specific approach: https://gist.github.com/3960219

More of a fan of a global, non-backbone specific approach: https://gist.github.com/3960219


ddpunk Feb 27, 2014

Here is the solution I used with suggestions from here: http://backbonetutorials.com/cross-domain-sessions/

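// Runs before every jQuery AJAX request: turns on credentialed XHR and attaches
// the CSRF token published in the page's <meta name="csrf-token"> tag.
$.ajaxPrefilter(function(options, originalOptions, jqXHR) {
  // Merge rather than assign, so xhrFields the caller already set are not discarded.
  options.xhrFields = $.extend({}, options.xhrFields, {
    withCredentials: true
  });

  // NOTE(review): this prefilter applies to every host jQuery talks to, so
  // cookies and the CSRF token also accompany requests to third-party origins.
  // Compare options.url against the API origin this page is meant to reach
  // and skip all other hosts.
  var token = $('meta[name="csrf-token"]').attr('content');
  if (token) {
    // No return value: jQuery only interprets a string returned from a prefilter.
    jqXHR.setRequestHeader('X-CSRF-Token', token);
  }
});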

ddpunk commented Feb 27, 2014

Here is the solution I used with suggestions from here: http://backbonetutorials.com/cross-domain-sessions/

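// Runs before every jQuery AJAX request: turns on credentialed XHR and attaches
// the CSRF token published in the page's <meta name="csrf-token"> tag.
$.ajaxPrefilter(function(options, originalOptions, jqXHR) {
  // Merge rather than assign, so xhrFields the caller already set are not discarded.
  options.xhrFields = $.extend({}, options.xhrFields, {
    withCredentials: true
  });

  // NOTE(review): this prefilter applies to every host jQuery talks to, so
  // cookies and the CSRF token also accompany requests to third-party origins.
  // Compare options.url against the API origin this page is meant to reach
  // and skip all other hosts.
  var token = $('meta[name="csrf-token"]').attr('content');
  if (token) {
    // No return value: jQuery only interprets a string returned from a prefilter.
    jqXHR.setRequestHeader('X-CSRF-Token', token);
  }
});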

cmdelatorre Aug 25, 2015

My version here (updated to 2015): https://gist.github.com/cmdelatorre/8cd3de8b2006abfa48a8

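oldSync = Backbone.sync

# Wraps Backbone.sync so state-changing, same-origin requests carry Django's
# CSRF token (read from the csrftoken cookie) in the X-CSRFToken header.
Backbone.sync = (method, model, options) ->
    # Backbone.sync can be called directly without options.
    options ?= {}

    csrfSafeMethod = (httpMethod) ->
        # these HTTP methods do not require CSRF protection
        /^(GET|HEAD|OPTIONS|TRACE)$/.test httpMethod

    # Keep the caller's hook instead of silently replacing it.
    callerBeforeSend = options.beforeSend

    options.beforeSend = (xhr, settings) ->
        # Read crossDomain from the settings argument: `this` is only the
        # settings object when the caller has not supplied options.context.
        token = $.cookie('csrftoken')
        # Never attach the token to a cross-origin request (it would disclose
        # the secret to that host), and skip the header when no cookie is readable.
        if token and !csrfSafeMethod(settings.type) and !settings.crossDomain
            xhr.setRequestHeader 'X-CSRFToken', token
        # Pass the caller's result through: jQuery cancels the request when
        # beforeSend returns false.
        return callerBeforeSend.apply(this, arguments) if typeof callerBeforeSend is 'function'
        return
    oldSync method, model, options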

My version here (updated to 2015): https://gist.github.com/cmdelatorre/8cd3de8b2006abfa48a8

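oldSync = Backbone.sync

# Wraps Backbone.sync so state-changing, same-origin requests carry Django's
# CSRF token (read from the csrftoken cookie) in the X-CSRFToken header.
Backbone.sync = (method, model, options) ->
    # Backbone.sync can be called directly without options.
    options ?= {}

    csrfSafeMethod = (httpMethod) ->
        # these HTTP methods do not require CSRF protection
        /^(GET|HEAD|OPTIONS|TRACE)$/.test httpMethod

    # Keep the caller's hook instead of silently replacing it.
    callerBeforeSend = options.beforeSend

    options.beforeSend = (xhr, settings) ->
        # Read crossDomain from the settings argument: `this` is only the
        # settings object when the caller has not supplied options.context.
        token = $.cookie('csrftoken')
        # Never attach the token to a cross-origin request (it would disclose
        # the secret to that host), and skip the header when no cookie is readable.
        if token and !csrfSafeMethod(settings.type) and !settings.crossDomain
            xhr.setRequestHeader 'X-CSRFToken', token
        # Pass the caller's result through: jQuery cancels the request when
        # beforeSend returns false.
        return callerBeforeSend.apply(this, arguments) if typeof callerBeforeSend is 'function'
        return
    oldSync method, model, options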
@gfcarbonell


example?


Mihai925 Mar 26, 2017

Thanks! Finally something that works!

Thanks! Finally something that works!
