+/**\r
+ * We do not want the CSRF protection enabled for the AJAX post requests, it causes only trouble.\r
+ * Get the csrftoken cookie and pass it to the X-CSRFToken HTTP request property.\r
+ */\r
+$('html').ajaxSend(function(event, xhr, settings) {\r
+ function getCookie(name) {\r
+ var cookieValue = null;\r
+ if (document.cookie && document.cookie != '') {\r
+ var cookies = document.cookie.split(';');\r
+ for (var i = 0; i < cookies.length; i++) {\r
+ var cookie = jQuery.trim(cookies[i]);\r
+ // Does this cookie string begin with the name we want?\r
+ if (cookie.substring(0, name.length + 1) == (name + '=')) {\r
+ cookieValue = decodeURIComponent(cookie.substring(name.length + 1));\r
+ break;\r
+ }\r
+ }\r
+ }\r
+ return cookieValue;\r
+ }\r
+ if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {\r
+ // Only send the token to relative URLs i.e. locally.\r
+ xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));\r
+ }\r
+});\r
+\r
var response_commands = {\r
refresh_page: function() {\r
window.location.reload(true)\r
if ($form.length) {\r
var $textarea = $container.find('textarea');\r
var textarea = $textarea.get(0);\r
+ var $csrf = $container.find('[name="csrfmiddlewaretoken"]');\r
var $button = $container.find('.comment-submit');\r
var $cancel = $container.find('.comment-cancel');\r
var $chars_left_message = $container.find('.comments-chars-left-msg');\r
if (running) return false;\r
\r
var post_data = {\r
- comment: $textarea.val()\r
+ comment: $textarea.val(),\r
+ csrfmiddlewaretoken: $csrf.val()\r
}\r
\r
if (comment_in_form) {\r
projects / osqa.git / blobdiff