root / static / js / jquery_csrf_protect.js @ 94fb8123
History | View | Annotate | Download (1.6 kB)
| 1 |
$(document).ajaxSend(function(event, xhr, settings) { |
|---|---|
| 2 |
function getCookie(name) { |
| 3 |
var cookieValue = null; |
| 4 |
if (document.cookie && document.cookie != '') { |
| 5 |
var cookies = document.cookie.split(';'); |
| 6 |
for (var i = 0; i < cookies.length; i++) { |
| 7 |
var cookie = jQuery.trim(cookies[i]);
|
| 8 |
// Does this cookie string begin with the name we want?
|
| 9 |
if (cookie.substring(0, name.length + 1) == (name + '=')) { |
| 10 |
cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
|
| 11 |
break;
|
| 12 |
} |
| 13 |
} |
| 14 |
} |
| 15 |
return cookieValue;
|
| 16 |
} |
| 17 |
function sameOrigin(url) { |
| 18 |
// url could be relative or scheme relative or absolute
|
| 19 |
var host = document.location.host; // host + port |
| 20 |
var protocol = document.location.protocol;
|
| 21 |
var sr_origin = '//' + host; |
| 22 |
var origin = protocol + sr_origin;
|
| 23 |
// Allow absolute or scheme relative URLs to same origin
|
| 24 |
return (url == origin || url.slice(0, origin.length + 1) == origin + '/') || |
| 25 |
(url == sr_origin || url.slice(0, sr_origin.length + 1) == sr_origin + '/') || |
| 26 |
// or any other URL that isn't scheme relative or absolute i.e relative.
|
| 27 |
!(/^(\/\/|http:|https:).*/.test(url));
|
| 28 |
} |
| 29 |
function safeMethod(method) { |
| 30 |
return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method)); |
| 31 |
} |
| 32 |
|
| 33 |
if (!safeMethod(settings.type) && sameOrigin(settings.url)) {
|
| 34 |
xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken')); |
| 35 |
} |
| 36 |
}); |