Include CSRF token in remote:true calls

author: David Heinemeier Hansson <david@loudthinking.com> 2011-04-28 22:17:10 -0600
committer: David Heinemeier Hansson <david@loudthinking.com> 2011-04-29 18:22:10 -0600
commit: e350641d021829748bfdc08c4e03ddc6607ff79c (patch)
tree: 8c8dae40e606105f439fa322803c43542f2c5fa5 /railties
parent: 651836a4bd217d7d9992f4d9b34fa855aa7c0229 (diff)
download: rails-e350641d021829748bfdc08c4e03ddc6607ff79c.tar.gz
rails-e350641d021829748bfdc08c4e03ddc6607ff79c.tar.bz2
rails-e350641d021829748bfdc08c4e03ddc6607ff79c.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/railties/lib/rails/generators/rails/app/templates/vendor/assets/javascripts/jquery_ujs.js b/railties/lib/rails/generators/rails/app/templates/vendor/assets/javascripts/jquery_ujs.js
index 4dcb3779a2..8618ac5958 100644
--- a/railties/lib/rails/generators/rails/app/templates/vendor/assets/javascripts/jquery_ujs.js
+++ b/railties/lib/rails/generators/rails/app/templates/vendor/assets/javascripts/jquery_ujs.js
@@ -31,7 +31,12 @@
 		} else {
 			method = element.attr('data-method');
 			url = element.attr('href');
-			data = null;
+
+			csrf_token = $('meta[name=csrf-token]').attr('content');
+			csrf_param = $('meta[name=csrf-param]').attr('content');
+
+			data = {};
+			data[csrf_param] = csrf_token;
 		}
 
 		$.ajax({
author	David Heinemeier Hansson <david@loudthinking.com>	2011-04-28 22:17:10 -0600
committer	David Heinemeier Hansson <david@loudthinking.com>	2011-04-29 18:22:10 -0600
commit	e350641d021829748bfdc08c4e03ddc6607ff79c (patch)
tree	8c8dae40e606105f439fa322803c43542f2c5fa5 /railties
parent	651836a4bd217d7d9992f4d9b34fa855aa7c0229 (diff)
download	rails-e350641d021829748bfdc08c4e03ddc6607ff79c.tar.gz rails-e350641d021829748bfdc08c4e03ddc6607ff79c.tar.bz2 rails-e350641d021829748bfdc08c4e03ddc6607ff79c.zip