Set the X-CSRF-Token header for AJAX requests with jQuery. #950

61c00779 · Andrew Smith · Felix Schäfer · 375045a8 · 61c00779
Commit 61c00779 authored Mar 25, 2012 by Andrew Smith Committed by Felix Schäfer May 20, 2012
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 1 deletion

application.js public/javascripts/application.js +9 -1

No files found.
--- a/public/javascripts/application.js
+++ b/public/javascripts/application.js
@@ -467,7 +467,15 @@ jQuery.viewportHeight = function() {

 // Automatically use format.js for jQuery Ajax
 jQuery.ajaxSetup({
-  'beforeSend': function(xhr) {xhr.setRequestHeader("Accept", "text/javascript")}
+    'beforeSend': function(xhr) {
+        xhr.setRequestHeader("Accept", "text/javascript");
+
+        // TODO: Remove once jquery-rails (Rails 3) has been added a dependency
+        var csrf_meta_tag = jQuery('meta[name="csrf-token"]');
+        if (csrf_meta_tag) {
+            xhr.setRequestHeader('X-CSRF-Token', csrf_meta_tag.attr('content'));
+        }
+    }
 })

 /* TODO: integrate with existing code and/or refactor */