From e350641d021829748bfdc08c4e03ddc6607ff79c Mon Sep 17 00:00:00 2001 From: David Heinemeier Hansson Date: Thu, 28 Apr 2011 22:17:10 -0600 Subject: Include CSRF token in remote:true calls --- .../rails/app/templates/vendor/assets/javascripts/jquery_ujs.js | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/railties/lib/rails/generators/rails/app/templates/vendor/assets/javascripts/jquery_ujs.js b/railties/lib/rails/generators/rails/app/templates/vendor/assets/javascripts/jquery_ujs.js index 4dcb3779a2..8618ac5958 100644 --- a/railties/lib/rails/generators/rails/app/templates/vendor/assets/javascripts/jquery_ujs.js +++ b/railties/lib/rails/generators/rails/app/templates/vendor/assets/javascripts/jquery_ujs.js @@ -31,7 +31,12 @@ } else { method = element.attr('data-method'); url = element.attr('href'); - data = null; + + csrf_token = $('meta[name=csrf-token]').attr('content'); + csrf_param = $('meta[name=csrf-param]').attr('content'); + + data = {}; + data[csrf_param] = csrf_token; } $.ajax({ -- cgit v1.2.3