Re: html response to be loaded in a div

Fri, 20 Feb 2015 11:13:34 -0800 

Oh I see. Meanwhile I'm trying to implement the token but I cant get this 
to work, I copied the code from Django's docs and now Im getting a 
javascript error syaing that the function sameOrigin is not defined.




*Code*    function getCookie(name) {
        var cookieValue = null;
        if (document.cookie && document.cookie != '') {
            var cookies = document.cookie.split(';');
            for (var i=0; i<cookies.length; i++) {
                var cookie = jQuery.trim(cookies[i]);
                // Does this cookie string begin with the name we want?
                if (cookie.substring(0, name.length+1) == (name + '=')) {
                    cookieValue = 
decodeURIComponent(cookie.substring(name.length + 1));
                    break;
                }
            }
        }
        return cookieValue;
    }


    function csrfSafeMethod(method) {
        // these HTTP methods do not require CSRF protection
        return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
    }
    function sameOrigin(url) {
        // test that a given url is a same-origin URL
        // url could be relative or scheme relative or absolute
        var host = document.location.host; // host + port
        var protocol = document.location.protocol;
        var sr_origin = '//' + host;
        var origin = protocol + sr_origin;
        // Allow absolute or scheme relative URLs to same origin
        return (url == origin || url.slice(0, origin.length + 1) == origin 
+ '/') ||
            (url == sr_origin || url.slice(0, sr_origin.length + 1) == 
sr_origin + '/') ||
            // or any other URL that isn't scheme relative or absolute i.e 
relative.
            !(/^(\/\/|http:|https:).*/.test(url));
    }
    $.ajaxSetup({
        beforeSend: function(xhr, settings) {
            if (!csrfSafeMethod(settings.type) && sameOrigin(settings.url)) 
{
                // Send the token to same-origin, relative URLs only.
                // Send the token only if the method warrants CSRF 
protection
                // Using the CSRFToken value acquired earlier
                xhr.setRequestHeader("X-CSRFToken", csrftoken);
            }
        }
    });

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/a9eb7352-d042-4170-b21f-62ccc6c5e209%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to