From 65b877bac4d865d4933523445488f4bff2c6888c Mon Sep 17 00:00:00 2001
From: Scott Baker <smbaker@gmail.com>
Date: Tue, 28 Oct 2014 16:02:05 -0700
Subject: [PATCH] getting it from a cookie is better than sticking it in a meta
 tag

---
 .../xoslib/static/js/xoslib/xos-backbone.js   | 19 ++++++++++++++++++-
 planetstack/templates/admin/base.html         |  1 -
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/planetstack/core/xoslib/static/js/xoslib/xos-backbone.js b/planetstack/core/xoslib/static/js/xoslib/xos-backbone.js
index af79852..cd1c305 100644
--- a/planetstack/core/xoslib/static/js/xoslib/xos-backbone.js
+++ b/planetstack/core/xoslib/static/js/xoslib/xos-backbone.js
@@ -14,6 +14,22 @@ if (! window.XOSLIB_LOADED ) {
 
     SLICEPLUS_API = "/xoslib/slicesplus/";
 
+    function getCookie(name) {
+        var cookieValue = null;
+        if (document.cookie && document.cookie != '') {
+            var cookies = document.cookie.split(';');
+            for (var i = 0; i < cookies.length; i++) {
+                var cookie = jQuery.trim(cookies[i]);
+                // Does this cookie string begin with the name we want?
+                if (cookie.substring(0, name.length + 1) == (name + '=')) {
+                    cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
+                    break;
+                }
+            }
+        }
+        return cookieValue;
+    }
+
     XOSModel = Backbone.Model.extend({
         /* from backbone-tastypie.js */
         //idAttribute: 'resource_uri',
@@ -231,7 +247,8 @@ if (! window.XOSLIB_LOADED ) {
       var _sync = Backbone.sync;
       Backbone.sync = function(method, model, options){
         options.beforeSend = function(xhr){
-          var token = $('meta[name="csrf-token"]').attr('content');
+          //var token = $('meta[name="csrf-token"]').attr('content');
+          var token = getCookie("csrftoken");
           xhr.setRequestHeader('X-CSRFToken', token);
           console.log(token);
         };
diff --git a/planetstack/templates/admin/base.html b/planetstack/templates/admin/base.html
index 21f7974..dc92ca9 100644
--- a/planetstack/templates/admin/base.html
+++ b/planetstack/templates/admin/base.html
@@ -2,7 +2,6 @@
 <html lang="{{ LANGUAGE_CODE|default:"en-us" }}" {% if LANGUAGE_BIDI %}dir="rtl"{% endif %}>
 <head>
   <title>{% block title %}  {%if title %} {{ title }} | {% endif %} {{ 'ADMIN_NAME'|suit_conf }}{% endblock %}</title>
-  <meta name="csrf-token" content="{{csrf_token}}">
   <link rel="stylesheet" type="text/css" href="{% block stylesheet %}{% endblock %}"/>
   <link rel="stylesheet" type="text/css" href="{% static 'suit/bootstrap/css/bootstrap.min.css' %}" media="all"/>
   <link rel="stylesheet" type="text/css" href="{% static 'suit/css/suit.css' %}" media="all">
-- 
2.43.0