Created
September 25, 2011 14:56
-
-
Save gcollazo/1240683 to your computer and use it in GitHub Desktop.
This is what I did to insert the CSRF token in backbone requests. This works with django.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var oldSync = Backbone.sync; | |
| Backbone.sync = function(method, model, options){ | |
| options.beforeSend = function(xhr){ | |
| xhr.setRequestHeader('X-CSRFToken', CSRF_TOKEN); | |
| }; | |
| return oldSync(method, model, options); | |
| }; |
Awesome, thank you.
More of a fan of a global, non-backbone specific approach: https://gist.github.com/3960219
Here is the sollution I used with suggestions from here: http://backbonetutorials.com/cross-domain-sessions/
$.ajaxPrefilter(function(options, originalOptions, jqXHR) {
var token;
options.xhrFields = {
withCredentials: true
};
token = $('meta[name="csrf-token"]').attr('content');
if (token) {
return jqXHR.setRequestHeader('X-CSRF-Token', token);
}
});
My version here (updated to 2015): https://gist.github.com/cmdelatorre/8cd3de8b2006abfa48a8
oldSync = Backbone.sync
Backbone.sync = (method, model, options) ->
csrfSafeMethod = (method) ->
# these HTTP methods do not require CSRF protection
/^(GET|HEAD|OPTIONS|TRACE)$/.test method
options.beforeSend = (xhr, settings) ->
if !csrfSafeMethod(settings.type) and !@crossDomain
xhr.setRequestHeader 'X-CSRFToken', $.cookie('csrftoken')
return
oldSync method, model, options
example?
Thanks! Finally something that works!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://github.com/alanhamlett/backbone/commit/91941afe693ae85bc5303b8e61982876cd5ae415