Resolves OSQA-662. We pass the CSRF Token to the AJAX request during the ajax send...
authorjordan <jordan@0cfe37f9-358a-4d5e-be75-b63607b5c754>
Tue, 3 May 2011 17:05:39 +0000 (17:05 +0000)
committerjordan <jordan@0cfe37f9-358a-4d5e-be75-b63607b5c754>
Tue, 3 May 2011 17:05:39 +0000 (17:05 +0000)
git-svn-id: http://svn.osqa.net/svnroot/osqa/trunk@1016 0cfe37f9-358a-4d5e-be75-b63607b5c754

forum/skins/default/media/js/osqa.main.js

index ae03c678f5f960bf206f164c9d5575dd6b27ac0f..48de0b6074255de759059d298de633e78d55c929 100644 (file)
@@ -1,3 +1,29 @@
+/**\r
+ * We do not want the CSRF protection enabled for the AJAX post requests, it causes only trouble.\r
+ * Get the csrftoken cookie and pass it to the X-CSRFToken HTTP request property.\r
+ */\r
+$('html').ajaxSend(function(event, xhr, settings) {\r
+    function getCookie(name) {\r
+        var cookieValue = null;\r
+        if (document.cookie && document.cookie != '') {\r
+            var cookies = document.cookie.split(';');\r
+            for (var i = 0; i < cookies.length; i++) {\r
+                var cookie = jQuery.trim(cookies[i]);\r
+                // Does this cookie string begin with the name we want?\r
+                if (cookie.substring(0, name.length + 1) == (name + '=')) {\r
+                    cookieValue = decodeURIComponent(cookie.substring(name.length + 1));\r
+                    break;\r
+                }\r
+            }\r
+        }\r
+        return cookieValue;\r
+    }\r
+    if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {\r
+        // Only send the token to relative URLs i.e. locally.\r
+        xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));\r
+    }\r
+});\r
+\r
 var response_commands = {\r
     refresh_page: function() {\r
         window.location.reload(true)\r
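Review bot: The locality test on `settings.url` only rejects strings that begin with lower-case `http:` or `https:`, so a scheme-relative URL such as `//other.example/x` or an upper-case `HTTP://…` is treated as local and the `X-CSRFToken` header is attached to a request that leaves the origin. Rejecting any scheme or leading `//` closes that gap: `if (!/^(?:[a-z][a-z0-9+.-]*:|\/\/)/i.test(settings.url)) {`; if the bundled jQuery is 1.5 or later, `!settings.crossDomain` is the sturdier test. The handler also sets the header on every request, GETs included, and passes `null` when the cookie is absent, so guarding on a non-null token and a non-safe `settings.type` would keep the token off requests that do not need it. The block comment above the handler says CSRF protection is unwanted, while the code keeps it working by supplying the token; `// Attach the csrftoken cookie as X-CSRFToken so same-origin AJAX POSTs pass CSRF validation.` would describe it accurately.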