If you're using jQuery 1.5.1 or above you can do this instead
// using jQuery
function getCookie(name) {
var cookieValue = null;
if (document.cookie && document.cookie != '') {
var cookies = document.cookie.split(';');
for (var i = 0; i < cookies.length; i++) {
var cookie = jQuery.trim(cookies[i]);
// Does this cookie string begin with the name we want?
if (cookie.substring(0, name.length + 1) == (name + '=')) {
cookieValue =
decodeURIComponent(cookie.substring(name.length + 1));
break;
}
}
}
return cookieValue;
}
var csrftoken = getCookie('csrftoken');
function csrfSafeMethod(method) {
// these HTTP methods do not require CSRF protection
return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
}
$.ajaxSetup({
beforeSend: function(xhr, settings) {
if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
xhr.setRequestHeader("X-CSRFToken", csrftoken);
}
}
});
On Fri, Feb 20, 2015 at 4:13 PM, João Marques <[email protected]>
wrote:
> Oh I see. Meanwhile I'm trying to implement the token but I cant get this
> to work, I copied the code from Django's docs and now Im getting a
> javascript error syaing that the function sameOrigin is not defined.
>
>
>
>
> *Code* function getCookie(name) {
> var cookieValue = null;
> if (document.cookie && document.cookie != '') {
> var cookies = document.cookie.split(';');
> for (var i=0; i<cookies.length; i++) {
> var cookie = jQuery.trim(cookies[i]);
> // Does this cookie string begin with the name we want?
> if (cookie.substring(0, name.length+1) == (name + '=')) {
> cookieValue =
> decodeURIComponent(cookie.substring(name.length + 1));
> break;
> }
> }
> }
> return cookieValue;
> }
>
>
> function csrfSafeMethod(method) {
> // these HTTP methods do not require CSRF protection
> return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
> }
> function sameOrigin(url) {
> // test that a given url is a same-origin URL
> // url could be relative or scheme relative or absolute
> var host = document.location.host; // host + port
> var protocol = document.location.protocol;
> var sr_origin = '//' + host;
> var origin = protocol + sr_origin;
> // Allow absolute or scheme relative URLs to same origin
> return (url == origin || url.slice(0, origin.length + 1) == origin
> + '/') ||
> (url == sr_origin || url.slice(0, sr_origin.length + 1) ==
> sr_origin + '/') ||
> // or any other URL that isn't scheme relative or absolute i.e
> relative.
> !(/^(\/\/|http:|https:).*/.test(url));
> }
> $.ajaxSetup({
> beforeSend: function(xhr, settings) {
> if (!csrfSafeMethod(settings.type) &&
> sameOrigin(settings.url)) {
> // Send the token to same-origin, relative URLs only.
> // Send the token only if the method warrants CSRF
> protection
> // Using the CSRFToken value acquired earlier
> xhr.setRequestHeader("X-CSRFToken", csrftoken);
> }
> }
> });
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at http://groups.google.com/group/django-users.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/a9eb7352-d042-4170-b21f-62ccc6c5e209%40googlegroups.com
> <https://groups.google.com/d/msgid/django-users/a9eb7352-d042-4170-b21f-62ccc6c5e209%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/CALn3ei3vnG2HHc8CZXcx1svdg%2BC8LPu%2BKJJG89ebRvvOx7p%3D4A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
