
This is what I did to insert the CSRF token into Backbone requests. It works with Django.
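// Keep a reference to the stock implementation so the wrapper can delegate to it.
var oldSync = Backbone.sync;

/**
 * Backbone.sync wrapper that adds the X-CSRFToken header, taken from the
 * page-level CSRF_TOKEN variable, to outgoing requests.
 *
 * @param {string} method - Sync verb, passed through to the original sync.
 * @param {Object} model - Model or collection being synced.
 * @param {Object} [options] - Ajax options; a caller-supplied beforeSend still runs.
 * @returns {*} Whatever the original Backbone.sync returns.
 */
Backbone.sync = function(method, model, options){
  // Direct callers may omit options; fall back to an empty object instead of
  // throwing on the property assignment below.
  var opts = options || {};
  var callerBeforeSend = opts.beforeSend;

  opts.beforeSend = function(xhr, settings){
    // The CSRF token is a secret scoped to this site. jQuery marks requests to
    // another origin with settings.crossDomain; skip the header for those so
    // the token is never disclosed to a third-party host.
    if (!(settings && settings.crossDomain)) {
      xhr.setRequestHeader('X-CSRFToken', CSRF_TOKEN);
    }
    // Chain the hook the caller passed instead of silently replacing it; its
    // return value is propagated so it can still cancel the request.
    if (typeof callerBeforeSend === 'function') {
      return callerBeforeSend.apply(this, arguments);
    }
  };

  return oldSync.call(this, method, model, opts);
};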
@jbraithwaite

Awesome, thank you.

@justinperkins

More of a fan of a global, non-backbone specific approach: https://gist.github.com/3960219

@ddpunk
ddpunk commented Feb 27, 2014

Here is the solution I used, with suggestions from here: http://backbonetutorials.com/cross-domain-sessions/

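/**
 * Global jQuery prefilter: enables credentialed (cookie-carrying) requests and
 * adds the CSRF token from the <meta name="csrf-token"> tag as X-CSRF-Token.
 *
 * NOTE(security): a prefilter registered without a dataType runs for every
 * jQuery Ajax call on the page, so credentials and the token are attached
 * whatever the destination. If the page also talks to hosts other than the
 * trusted API, gate both settings on options.url against an allowlist of
 * your own origins before enabling them.
 */
$.ajaxPrefilter(function(options, originalOptions, jqXHR) {
  // Merge instead of overwriting so xhrFields supplied by the caller survive;
  // withCredentials is still forced on, as before.
  options.xhrFields = $.extend({}, options.xhrFields, {
    withCredentials: true
  });

  var token = $('meta[name="csrf-token"]').attr('content');
  if (token) {
    // No return value: a prefilter's result is only meaningful as a dataType
    // string, so handing back the jqXHR was misleading.
    jqXHR.setRequestHeader('X-CSRF-Token', token);
  }
});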
@cmdelatorre

My version here (updated to 2015): https://gist.github.com/cmdelatorre/8cd3de8b2006abfa48a8

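# Keep the stock implementation so the wrapper can delegate to it.
oldSync = Backbone.sync

# Backbone.sync wrapper that adds Django's CSRF token (read from the
# 'csrftoken' cookie via $.cookie) as the X-CSRFToken header on
# state-changing, same-origin requests.
#
# method, model - passed through unchanged to the original sync.
# options       - Ajax options; a caller-supplied beforeSend is still invoked.
# Returns whatever the original Backbone.sync returns.
Backbone.sync = (method, model, options = {}) ->

    csrfSafeMethod = (httpMethod) ->
        # these HTTP methods do not require CSRF protection
        /^(GET|HEAD|OPTIONS|TRACE)$/.test httpMethod

    callerBeforeSend = options.beforeSend

    options.beforeSend = (xhr, settings) ->
        # Read crossDomain from the settings argument, not from `this`: when
        # the caller passes a `context` option, jQuery invokes this hook with
        # that context as `this`, the flag would read as undefined, and the
        # token would be sent to another origin.
        if !csrfSafeMethod(settings.type) and !settings.crossDomain
            xhr.setRequestHeader 'X-CSRFToken', $.cookie('csrftoken')
        # Chain the caller's hook rather than discarding it; its return value
        # is propagated so it can still cancel the request.
        if typeof callerBeforeSend is 'function'
            return callerBeforeSend.apply this, arguments
        return

    oldSync method, model, options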
@gfcarbonell

example?
