Matchu
2876de2db0
We lose no-JS support, which I kinda miss, but caching is gonna be more important down the line. Delete form moves next, then we cache. CSRF token changes: it looks like, by setting a data attribute in AJAX, I was overwriting the CSRF token. I don't remember it working that way, but now we use beforeSend to add the X-CSRF-Token header instead, which is nicer, anyway. The issue might've been something else, but this worked :/ The CSS was also not showing the loading ellipsis properly. I think that's a dev-only issue in how live assets are being served versus static assets, but may as well add UTF-8 charset directives everywhere, anyway.
10 lines
241 B
JavaScript
10 lines
241 B
JavaScript
(function () {
|
|
var CSRFProtection = function (xhr) {
|
|
var token = $('meta[name="csrf-token"]').attr('content');
|
|
if(token) xhr.setRequestHeader('X-CSRF-Token', token);
|
|
};
|
|
|
|
$.ajaxSetup({
|
|
beforeSend: CSRFProtection
|
|
});
|
|
})();
|