fnp / redakcja.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Move to Django 1.5.
[redakcja.git] / apps / fileupload / static / fileupload / js / csrf.js
diff --git a/apps/fileupload/static/fileupload/js/csrf.js b/apps/fileupload/static/fileupload/js/csrf.js
new file mode 100644 (file)
index 0000000..aec99cc
--- /dev/null
+++ b/apps/fileupload/static/fileupload/js/csrf.js
@@ -0,0 +1,22 @@
+// modify jquery ajax to add csrtoken when doing "local" requests
+$('html').ajaxSend(function(event, xhr, settings) {
+    function getCookie(name) {
+        var cookieValue = null;
+        if (document.cookie && document.cookie != '') {
+            var cookies = document.cookie.split(';');
+            for (var i = 0; i < cookies.length; i++) {
+                var cookie = jQuery.trim(cookies[i]);
+                // Does this cookie string begin with the name we want?
+                if (cookie.substring(0, name.length + 1) == (name + '=')) {
+                    cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
+                    break;
+                }
+            }
+        }
+        return cookieValue;
+    }
+    if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
+        // Only send the token to relative URLs i.e. locally.
+        xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
+    }
+});