summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorLuke Plant <L.Plant.98@cantab.net>2011-02-12 23:39:39 +0000
committerLuke Plant <L.Plant.98@cantab.net>2011-02-12 23:39:39 +0000
commitcfaac48710fdab7cd427b8bea130a8a8c3f8bbbc (patch)
tree7f7e811309ce307af1124f45f23f8fc47a45ad56 /docs
parent6a438e2d1ab9bfdb2b4ae4cff121f812dd5fd241 (diff)
[1.2.X] Fixed #15284 - improved example jQuery code for adding X-CSRF-Token
Using the ajaxSend event is better than beforeSend, because the beforeSend callback can have only one value, which makes it painful if it is needed by multiple bits of javascript. Thanks to LukeMaurer for report and initial patch. Backport of [15515] from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15517 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'docs')
-rw-r--r--docs/ref/contrib/csrf.txt36
1 files changed, 17 insertions, 19 deletions
diff --git a/docs/ref/contrib/csrf.txt b/docs/ref/contrib/csrf.txt
index 5ac10dcfca..18675e48c8 100644
--- a/docs/ref/contrib/csrf.txt
+++ b/docs/ref/contrib/csrf.txt
@@ -90,31 +90,29 @@ every POST request. For this reason, there is an alternative method: on each
XMLHttpRequest, set a custom `X-CSRFToken` header to the value of the CSRF
token. This is often easier, because many javascript frameworks provide hooks
that allow headers to be set on every request. In jQuery, you can use the
-``beforeSend`` hook as follows:
+``ajaxSend`` event as follows:
.. code-block:: javascript
- $.ajaxSetup({
- beforeSend: function(xhr, settings) {
- function getCookie(name) {
- var cookieValue = null;
- if (document.cookie && document.cookie != '') {
- var cookies = document.cookie.split(';');
- for (var i = 0; i < cookies.length; i++) {
- var cookie = jQuery.trim(cookies[i]);
- // Does this cookie string begin with the name we want?
- if (cookie.substring(0, name.length + 1) == (name + '=')) {
- cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
- break;
- }
+ $('html').ajaxSend(function(event, xhr, settings) {
+ function getCookie(name) {
+ var cookieValue = null;
+ if (document.cookie && document.cookie != '') {
+ var cookies = document.cookie.split(';');
+ for (var i = 0; i < cookies.length; i++) {
+ var cookie = jQuery.trim(cookies[i]);
+ // Does this cookie string begin with the name we want?
+ if (cookie.substring(0, name.length + 1) == (name + '=')) {
+ cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
+ break;
}
}
- return cookieValue;
- }
- if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
- // Only send the token to relative URLs i.e. locally.
- xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
}
+ return cookieValue;
+ }
+ if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
+ // Only send the token to relative URLs i.e. locally.
+ xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
}
});