From: jordan Date: Tue, 3 May 2011 17:05:39 +0000 (+0000) Subject: Resolves OSQA-662. We pass the CSRF Token to the AJAX request during the ajax send... X-Git-Tag: live~297 X-Git-Url: https://git.openstreetmap.org./osqa.git/commitdiff_plain/21fa4fe96b79ae04c0cfb32591f00185dae98be3?ds=inline Resolves OSQA-662. We pass the CSRF Token to the AJAX request during the ajax send event. git-svn-id: http://svn.osqa.net/svnroot/osqa/trunk@1016 0cfe37f9-358a-4d5e-be75-b63607b5c754
---
diff --git a/forum/skins/default/media/js/osqa.main.js b/forum/skins/default/media/js/osqa.main.js
index ae03c67..48de0b6 100644
--- a/forum/skins/default/media/js/osqa.main.js
+++ b/forum/skins/default/media/js/osqa.main.js
@@ -1,3 +1,29 @@
+/**
+ * We do not want the CSRF protection enabled for the AJAX post requests, it causes only trouble.
+ * Get the csrftoken cookie and pass it to the X-CSRFToken HTTP request property.
+ */
+$('html').ajaxSend(function(event, xhr, settings) {
+ function getCookie(name) {
+ var cookieValue = null;
+ if (document.cookie && document.cookie != '') {
+ var cookies = document.cookie.split(';');
+ for (var i = 0; i < cookies.length; i++) {
+ var cookie = jQuery.trim(cookies[i]);
+ // Does this cookie string begin with the name we want?
+ if (cookie.substring(0, name.length + 1) == (name + '=')) {
+ cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
+ break;
+ }
+ }
+ }
+ return cookieValue;
+ }
+ if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
+ // Only send the token to relative URLs i.e. locally.
+ xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
+ }
+});
+
 var response_commands = {
 refresh_page: function() {
 window.location.reload(true)
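Review bot: The locality test in the `ajaxSend` handler only rejects URLs that begin with lowercase `http:` or `https:`, so a protocol-relative URL such as `//host/path` (or a mixed-case scheme) is treated as local and the `X-CSRFToken` header is sent to another origin. A stricter guard would be `if (!/^(?:[a-z][a-z0-9+.-]*:|\/\/)/i.test(settings.url)) {`, which skips anything carrying a scheme or a leading `//`. `getCookie` can return null when the cookie is absent and the header is still set in that case, so the token should be checked before calling `setRequestHeader`. The header comment also reads as if CSRF protection were being switched off, while the code keeps it working by supplying the token; `Send the csrftoken cookie as the X-CSRFToken header on same-site AJAX requests so the server-side CSRF check passes.` would describe it accurately.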