authorGuillermo Iguaran <guilleiguaran@gmail.com>2016-11-25 10:27:07 -0500
committerGuillermo Iguaran <guilleiguaran@gmail.com>2016-11-26 01:23:07 -0500
commitad3a47759e67a411f3534309cdd704f12f6930a7 (patch)
tree1da091b1dbf782068bb3881ef44886dc779ea149 /actionview/app/assets/javascripts/utils/csrf.coffee
parent0cafbd4e9e0a226c5ef32eebb826f3acb902b744 (diff)
Add rails-ujs to Action View
Diffstat (limited to 'actionview/app/assets/javascripts/utils/csrf.coffee')
-rw-r--r--actionview/app/assets/javascripts/utils/csrf.coffee25
1 files changed, 25 insertions, 0 deletions
diff --git a/actionview/app/assets/javascripts/utils/csrf.coffee b/actionview/app/assets/javascripts/utils/csrf.coffee
new file mode 100644
index 0000000000..4eb5ebb414
--- /dev/null
+++ b/actionview/app/assets/javascripts/utils/csrf.coffee
@@ -0,0 +1,25 @@
+#= require ./dom
+
+{ $ } = Rails
+
+# Up-to-date Cross-Site Request Forgery token
+csrfToken = Rails.csrfToken = ->
+ meta = document.querySelector('meta[name=csrf-token]')
+ meta and meta.content
+
+# URL param that must contain the CSRF token
+csrfParam = Rails.csrfParam = ->
+ meta = document.querySelector('meta[name=csrf-param]')
+ meta and meta.content
+
+# Make sure that every Ajax request sends the CSRF token
+Rails.CSRFProtection = (xhr) ->
+ token = csrfToken()
+ xhr.setRequestHeader('X-CSRF-Token', token) if token?
+
+# Make sure that all forms have actual up-to-date tokens (cached forms contain old ones)
+Rails.refreshCSRFTokens = ->
+ token = csrfToken()
+ param = csrfParam()
+ if token? and param?
+ $('form input[name="' + param + '"]').forEach (input) -> input.value = token
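Review bot: `Rails.CSRFProtection` sets `X-CSRF-Token` on whatever xhr it is handed, with no check of where the request is going, so the token would be sent to another origin if a caller applied it to a cross-domain request. Nothing in this file shows where such requests are filtered out, so the contract should be written above the function, for example `# Callers must skip this for cross-origin requests; the token must never leave the page's own origin`. Separately, `Rails.refreshCSRFTokens` builds its selector by concatenating `param` from the meta tag into a quoted attribute value. That value is rendered by the server, but a param containing `"` would make the selector invalid and throw, so the assumption deserves a comment, or the lookup could select `form input` and compare `input.name` with `param` instead.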