From: Scott Baker <smbaker@gmail.com>
Date: Tue, 28 Oct 2014 22:57:40 +0000 (-0700)
Subject: CSRF token support in xoslib
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=a2ba945abf4ed84f0511ac308652960a9a01be6a;p=plstackapi.git

CSRF token support in xoslib
---

diff --git a/planetstack/core/xoslib/static/js/xoslib/xos-backbone.js b/planetstack/core/xoslib/static/js/xoslib/xos-backbone.js
index d2d8f17..af79852 100644
--- a/planetstack/core/xoslib/static/js/xoslib/xos-backbone.js
+++ b/planetstack/core/xoslib/static/js/xoslib/xos-backbone.js
@@ -226,4 +226,16 @@ if (! window.XOSLIB_LOADED ) {
     };
 
     xos = new xoslib();
+
+    (function() {
+      var _sync = Backbone.sync;
+      Backbone.sync = function(method, model, options){
+        options.beforeSend = function(xhr){
+          var token = $('meta[name="csrf-token"]').attr('content');
+          xhr.setRequestHeader('X-CSRFToken', token);
+          console.log(token);
+        };
+        return _sync(method, model, options);
+      };
+    })();
 }
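Review bot: `console.log(token);` in the new `beforeSend` writes the CSRF token to the browser console on every sync and should be removed. The wrapper also assigns `options.beforeSend` unconditionally, which discards any `beforeSend` the caller supplied and throws if `Backbone.sync` is called without an options object. The header is set for every method and every URL, so a model whose `url` points at another origin would be sent the token; limiting it to non-safe methods on same-origin requests (jQuery passes `settings.type` and `settings.crossDomain` to `beforeSend`) keeps it where the server needs it. The enclosing `if (! window.XOSLIB_LOADED )` block starts outside the hunk.

```javascript
// … unchanged: var _sync = Backbone.sync; inside the IIFE …
Backbone.sync = function(method, model, options){
  options = options || {};
  var callerBeforeSend = options.beforeSend;
  options.beforeSend = function(xhr, settings){
    // attach the token only to state-changing, same-origin requests
    var safeMethod = /^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type);
    if (!safeMethod && !settings.crossDomain) {
      xhr.setRequestHeader('X-CSRFToken', $('meta[name="csrf-token"]').attr('content'));
    }
    // keep any beforeSend the caller passed in
    if (callerBeforeSend) {
      return callerBeforeSend.apply(this, arguments);
    }
  };
  // … unchanged: return _sync(method, model, options); …
```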
diff --git a/planetstack/templates/admin/base.html b/planetstack/templates/admin/base.html
index dc92ca9..21f7974 100644
--- a/planetstack/templates/admin/base.html
+++ b/planetstack/templates/admin/base.html
@@ -2,6 +2,7 @@
 <html lang="{{ LANGUAGE_CODE|default:"en-us" }}" {% if LANGUAGE_BIDI %}dir="rtl"{% endif %}>
 <head>
   <title>{% block title %}  {%if title %} {{ title }} | {% endif %} {{ 'ADMIN_NAME'|suit_conf }}{% endblock %}</title>
+  <meta name="csrf-token" content="{{csrf_token}}">
   <link rel="stylesheet" type="text/css" href="{% block stylesheet %}{% endblock %}"/>
   <link rel="stylesheet" type="text/css" href="{% static 'suit/bootstrap/css/bootstrap.min.css' %}" media="all"/>
   <link rel="stylesheet" type="text/css" href="{% static 'suit/css/suit.css' %}" media="all">
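Review bot: Nothing on the added `<meta name="csrf-token" ...>` line says which script depends on it; the `Backbone.sync` wrapper in xos-backbone.js reads it, and a template comment such as `{# read by xoslib's Backbone.sync wrapper to set X-CSRFToken #}` would keep it from being removed as unused. The tag is added only to admin/base.html, so a page that loads xoslib from a different base template would presumably have no token to send, which is worth confirming. `{{csrf_token}}` is only populated when the view renders with a request context, so any view that bypasses it would emit an empty or placeholder value here.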