2012-01-26 11:30:53 -08:00
|
|
|
(function () {
|
2014-01-18 19:54:11 -08:00
|
|
|
var CSRFProtection;
|
|
|
|
|
var token = $('meta[name="csrf-token"]').attr('content');
|
|
|
|
|
if (token) {
|
|
|
|
|
CSRFProtection = function(xhr, settings) {
|
|
|
|
|
var sendToken = (
|
|
|
|
|
(typeof settings.useCSRFProtection === 'undefined') // default to true
|
|
|
|
|
|| settings.useCSRFProtection);
|
|
|
|
|
if (sendToken) {
|
|
|
|
|
xhr.setRequestHeader('X-CSRF-Token', token);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
CSRFProtection = $.noop;
|
|
|
|
|
}
|
2012-01-26 11:30:53 -08:00
|
|
|
|
Move closet-hangers-update form from partial to JS
We lose no-JS support, which I kinda miss, but caching is gonna be more
important down the line. Delete form moves next, then we cache.
CSRF token changes: it looks like, by setting a data attribute in AJAX, I
was overwriting the CSRF token. I don't remember it working that way, but
now we use beforeSend to add the X-CSRF-Token header instead, which is nicer,
anyway. The issue might've been something else, but this worked :/
The CSS was also not showing the loading ellipsis properly. I think that's a
dev-only issue in how live assets are being served versus static assets, but
may as well add UTF-8 charset directives everywhere, anyway.
2013-06-22 15:27:00 -07:00
|
|
|
$.ajaxSetup({
|
|
|
|
|
beforeSend: CSRFProtection
|
|
|
|
|
});
|
2012-01-26 11:30:53 -08:00
|
|
|
})();
|
