author | Guillermo Iguaran <guilleiguaran@gmail.com> | 2016-11-25 10:27:07 -0500 |
---|---|---|
committer | Guillermo Iguaran <guilleiguaran@gmail.com> | 2016-11-26 01:23:07 -0500 |
commit | ad3a47759e67a411f3534309cdd704f12f6930a7 (patch) | |
tree | 1da091b1dbf782068bb3881ef44886dc779ea149 /actionview/app/assets/javascripts/utils/csrf.coffee | |
parent | 0cafbd4e9e0a226c5ef32eebb826f3acb902b744 (diff) | |
Add rails-ujs to Action View
Diffstat (limited to 'actionview/app/assets/javascripts/utils/csrf.coffee')
-rw-r--r-- | actionview/app/assets/javascripts/utils/csrf.coffee | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/actionview/app/assets/javascripts/utils/csrf.coffee b/actionview/app/assets/javascripts/utils/csrf.coffee
new file mode 100644
index 0000000000..4eb5ebb414
--- /dev/null
+++ b/actionview/app/assets/javascripts/utils/csrf.coffee
@@ -0,0 +1,25 @@
+#= require ./dom
+
+{ $ } = Rails
+
+# Up-to-date Cross-Site Request Forgery token
+csrfToken = Rails.csrfToken = ->
+ meta = document.querySelector('meta[name=csrf-token]')
+ meta and meta.content
+
+# URL param that must contain the CSRF token
+csrfParam = Rails.csrfParam = ->
+ meta = document.querySelector('meta[name=csrf-param]')
+ meta and meta.content
+
+# Make sure that every Ajax request sends the CSRF token
+Rails.CSRFProtection = (xhr) ->
+ token = csrfToken()
+ xhr.setRequestHeader('X-CSRF-Token', token) if token?
+
+# Make sure that all forms have actual up-to-date tokens (cached forms contain old ones)
+Rails.refreshCSRFTokens = ->
+ token = csrfToken()
+ param = csrfParam()
+ if token? and param?
+ $('form input[name="' + param + '"]').forEach (input) -> input.value = token |
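Review bot: `Rails.CSRFProtection` sets `X-CSRF-Token` on whatever `xhr` it is handed and never looks at the request's destination, so keeping the token off cross-origin requests depends entirely on the caller, which is not visible in this file. Since the function only receives the `xhr` object, the precondition should at least be written down above it, e.g. `# Only call for same-origin requests; on a cross-origin request the header discloses the session's CSRF token to the remote host`. Separately, `token?` is an existence check and is true for an empty `content` attribute, so an empty header would still be sent; `xhr.setRequestHeader('X-CSRF-Token', token) if token` skips that case. The same applies to `if token? and param?` in `Rails.refreshCSRFTokens`, where an empty `param` produces the selector `form input[name=""]`.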