Resolves OSQA-662. We pass the CSRF Token to the AJAX request during the ajax send...

[osqa.git] / forum / skins / default / media / js / osqa.main.js

diff --git a/forum/skins/default/media/js/osqa.main.js b/forum/skins/default/media/js/osqa.main.js
index 2de5ecf56dc70bc74b66babf28e0618f96b91b56..48de0b6074255de759059d298de633e78d55c929 100644 (file)
--- a/forum/skins/default/media/js/osqa.main.js
+++ b/forum/skins/default/media/js/osqa.main.js
@@ -1,3 +1,29 @@
+/**\r
+ * We do not want the CSRF protection enabled for the AJAX post requests, it causes only trouble.\r
+ * Get the csrftoken cookie and pass it to the X-CSRFToken HTTP request property.\r
+ */\r
+$('html').ajaxSend(function(event, xhr, settings) {\r
+    function getCookie(name) {\r
+        var cookieValue = null;\r
+        if (document.cookie && document.cookie != '') {\r
+            var cookies = document.cookie.split(';');\r
+            for (var i = 0; i < cookies.length; i++) {\r
+                var cookie = jQuery.trim(cookies[i]);\r
+                // Does this cookie string begin with the name we want?\r
+                if (cookie.substring(0, name.length + 1) == (name + '=')) {\r
+                    cookieValue = decodeURIComponent(cookie.substring(name.length + 1));\r
+                    break;\r
+                }\r
+            }\r
+        }\r
+        return cookieValue;\r
+    }\r
+    if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {\r
+        // Only send the token to relative URLs i.e. locally.\r
+        xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));\r
+    }\r
+});\r
+\r
 var response_commands = {\r
     refresh_page: function() {\r
         window.location.reload(true)\r
@@ -75,7 +101,7 @@ var response_commands = {
         alert('ok');\r
     },\r
 \r
-    insert_comment: function(post_id, comment_id, comment, username, profile_url, delete_url, edit_url, convert_url) {\r
+    insert_comment: function(post_id, comment_id, comment, username, profile_url, delete_url, edit_url, convert_url, can_convert) {\r
         var $container = $('#comments-container-' + post_id);\r
         var skeleton = $('#new-comment-skeleton-' + post_id).html().toString();\r
 \r
@@ -89,6 +115,11 @@ var response_commands = {
 \r
         $container.append(skeleton);\r
 \r
+        // Show the convert comment to answer tool only if the current comment can be converted\r
+        if (can_convert == true) {\r
+            $('#comment-' + comment_id + '-convert').show();\r
+        }\r
+\r
         $('#comment-' + comment_id).slideDown('slow');\r
     },\r
 \r
@@ -396,6 +427,7 @@ $(function() {
         if ($form.length) {\r
             var $textarea = $container.find('textarea');\r
             var textarea = $textarea.get(0);\r
+            var $csrf = $container.find('[name="csrfmiddlewaretoken"]');\r
             var $button = $container.find('.comment-submit');\r
             var $cancel = $container.find('.comment-cancel');\r
             var $chars_left_message = $container.find('.comments-chars-left-msg');\r
@@ -524,7 +556,8 @@ $(function() {
                 if (running) return false;\r
 \r
                 var post_data = {\r
-                    comment: $textarea.val()\r
+                    comment: $textarea.val(),\r
+                    csrfmiddlewaretoken: $csrf.val()\r
                 }\r
 \r
                 if (comment_in_form) {\r