If you're using jQuery 1.5.1 or above you can do this instead
// using jQuery
function getCookie(name) {
var cookieValue = null;
if (document.cookie && document.cookie != '') {
var cookies = document.cookie.split(';');
for (var i = 0; i < cookies.length; i++) {
var cookie = jQuery.trim(cookies[i]);
// Does this cookie string begin with the name we want?
if (cookie.substring(0, name.length + 1) == (name + '=')) {
cookieValue =
decodeURIComponent(cookie.substring(name.length + 1));
break;
}
}
}
return cookieValue;
}
var csrftoken = getCookie('csrftoken');
function csrfSafeMethod(method) {
// these HTTP methods do not require CSRF protection
return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
}
$.ajaxSetup({
beforeSend: function(xhr, settings) {
if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
xhr.setRequestHeader("X-CSRFToken", csrftoken);
}
}
});
On Fri, Feb 20, 2015 at 4:13 PM, João Marques <joao6697marq...@gmail.com>
wrote:
> Oh I see. Meanwhile I'm trying to implement the token but I cant get this
> to work, I copied the code from Django's docs and now Im getting a
> javascript error syaing that the function sameOrigin is not defined.
>
>
>
>
> *Code* function getCookie(name) {
> var cookieValue = null;
> if (document.cookie && document.cookie != '') {
> var cookies = document.cookie.split(';');
> for (var i=0; i<cookies.length; i++) {
> var cookie = jQuery.trim(cookies[i]);
> // Does this cookie string begin with the name we want?
> if (cookie.substring(0, name.length+1) == (name + '=')) {
> cookieValue =
> decodeURIComponent(cookie.substring(name.length + 1));
> break;
> }
> }
> }
> return cookieValue;
> }
>
>
> function csrfSafeMethod(method) {
> // these HTTP methods do not require CSRF protection
> return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
> }
> function sameOrigin(url) {
> // test that a given url is a same-origin URL
> // url could be relative or scheme relative or absolute
> var host = document.location.host; // host + port
> var protocol = document.location.protocol;
> var sr_origin = '//' + host;
> var origin = protocol + sr_origin;
> // Allow absolute or scheme relative URLs to same origin
> return (url == origin || url.slice(0, origin.length + 1) == origin
> + '/') ||
> (url == sr_origin || url.slice(0, sr_origin.length + 1) ==
> sr_origin + '/') ||
> // or any other URL that isn't scheme relative or absolute i.e
> relative.
> !(/^(\/\/|http:|https:).*/.test(url));
> }
> $.ajaxSetup({
> beforeSend: function(xhr, settings) {
> if (!csrfSafeMethod(settings.type) &&
> sameOrigin(settings.url)) {
> // Send the token to same-origin, relative URLs only.
> // Send the token only if the method warrants CSRF
> protection
> // Using the CSRFToken value acquired earlier
> xhr.setRequestHeader("X-CSRFToken", csrftoken);
> }
> }
> });
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To post to this group, send email to django-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/django-users.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/a9eb7352-d042-4170-b21f-62ccc6c5e209%40googlegroups.com
> <https://groups.google.com/d/msgid/django-users/a9eb7352-d042-4170-b21f-62ccc6c5e209%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/CALn3ei3vnG2HHc8CZXcx1svdg%2BC8LPu%2BKJJG89ebRvvOx7p%3D4A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
