kieran/CSRF-ajax-setup.js.coffee

## base_controller.rb
class Api::V1::ApplicationController < ActionController::Base
  protect_from_forgery
  before_filter :set_csrf_header

  private
  def set_csrf_header
    response.headers['X-CSRF-Token'] = session[:_csrf_token] ||= SecureRandom.base64(32)
  end

end

## CSRF-ajax-setup.js.coffee
$.ajaxSetup
  xhrFields:
    withCredentials: true

$(document).ajaxSend (event, jqxhr, settings)->
  jqxhr.setRequestHeader 'X-CSRF-Token', Embed.get 'csrf-token'

$(document).ajaxComplete (event, jqxhr, settings)->
  if jqxhr.getResponseHeader('X-CSRF-Token')?
    Embed.set 'csrf-token', jqxhr.getResponseHeader 'X-CSRF-Token'

## listings_controller.rb
module Api
  module V1

    class ListingsController < ApplicationController
      # ...
    end

 end
end
	class Api::V1::ApplicationController < ActionController::Base
	protect_from_forgery
	before_filter :set_csrf_header

	private
	def set_csrf_header
	response.headers['X-CSRF-Token'] = session[:_csrf_token] \|\|= SecureRandom.base64(32)
	end

	end
	$.ajaxSetup
	xhrFields:
	withCredentials: true

	$(document).ajaxSend (event, jqxhr, settings)->
	jqxhr.setRequestHeader 'X-CSRF-Token', Embed.get 'csrf-token'

	$(document).ajaxComplete (event, jqxhr, settings)->
	if jqxhr.getResponseHeader('X-CSRF-Token')?
	Embed.set 'csrf-token', jqxhr.getResponseHeader 'X-CSRF-Token'
	module Api
	module V1

	class ListingsController < ApplicationController
	# ...
	end

	end
	end