X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=engine%2Fstatic%2Fjs%2Fmanifold-async.js;h=ada865aab6bdee0d85f6a00a932912d4aa059961;hb=da15d556eee34089124b7e24c9c503a8a0cb39e0;hp=ae35630eb5e410d639171622482cc51e5e27c047;hpb=2757273117a830a2ec078139acdfb996ed8aec78;p=unfold.git
diff --git a/engine/static/js/manifold-async.js b/engine/static/js/manifold-async.js
index ae35630e..ada865aa 100644
--- a/engine/static/js/manifold-async.js
+++ b/engine/static/js/manifold-async.js
@@ -200,3 +200,29 @@ function __old__manifold_async_render_success(data, query) {
 }
 }
 }
+
+//http://stackoverflow.com/questions/5100539/django-csrf-check-failing-with-an-ajax-post-request
+//make sure to expose csrf in our outcoming ajax/post requests
+$.ajaxSetup({
+ beforeSend: function(xhr, settings) {
+ function getCookie(name) {
+ var cookieValue = null;
+ if (document.cookie && document.cookie != '') {
+ var cookies = document.cookie.split(';');
+ for (var i = 0; i < cookies.length; i++) {
+ var cookie = jQuery.trim(cookies[i]);
+ // Does this cookie string begin with the name we want?
+ if (cookie.substring(0, name.length + 1) == (name + '=')) {
+ cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
+ break;
+ }
+ }
+ }
+ return cookieValue;
+ }
+ if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
+ // Only send the token to relative URLs i.e. locally.
+ xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
+ }
+ }
+});
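Review bot: The scheme test in `beforeSend` treats every URL that does not begin with lowercase `http:` or `https:` as local, so a protocol-relative URL (`//host/path`) or an upper-case scheme still gets the `X-CSRFToken` header attached. If the bundled jQuery is 1.5 or later (not visible in this hunk), the flag jQuery computes itself is a more reliable same-origin test, and the token can be limited to state-changing methods: `if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type) && !settings.crossDomain) {`. When the `csrftoken` cookie is absent, `getCookie` returns null and the header is likely sent as the string "null"; skipping `setRequestHeader` in that case makes the resulting server-side rejection easier to diagnose. As a style point, `getCookie` is re-declared on every request and could be hoisted out of the `$.ajaxSetup` call.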