2019-11-02 00:06:25 +01:00
|
|
|
let csrf_token;
|
2020-07-02 01:45:54 +02:00
|
|
|
$(() => {
|
2018-12-17 00:15:52 +01:00
|
|
|
// This requires that we used Jinja2's {% csrf_input %} somewhere on the page.
|
2019-11-02 00:06:25 +01:00
|
|
|
const csrf_input = $('input[name="csrfmiddlewaretoken"]');
|
2018-12-17 00:23:34 +01:00
|
|
|
if (csrf_input.length > 0) {
|
2020-07-15 01:29:15 +02:00
|
|
|
csrf_token = csrf_input.attr("value");
|
2018-12-17 00:23:34 +01:00
|
|
|
} else {
|
|
|
|
|
csrf_token = undefined;
|
|
|
|
|
}
|
2018-12-17 00:15:52 +01:00
|
|
|
window.csrf_token = csrf_token;
|
|
|
|
|
|
2018-12-17 00:23:34 +01:00
|
|
|
if (csrf_token === undefined) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-17 00:15:52 +01:00
|
|
|
$.ajaxSetup({
|
2020-07-20 22:18:43 +02:00
|
|
|
beforeSend(xhr, settings) {
|
2018-12-17 00:15:52 +01:00
|
|
|
if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
|
|
|
|
|
// Only send the token to relative URLs i.e. locally.
|
|
|
|
|
xhr.setRequestHeader("X-CSRFToken", csrf_token);
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
});
|
|
|
|
|
});
|
