ifyouseewendy/js_pass_protect_from_forgery.md

Last active August 29, 2015 14:23

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/ifyouseewendy/62e27c7a42a3a3765019.js"></script>
Save ifyouseewendy/62e27c7a42a3a3765019 to your computer and use it in GitHub Desktop.

Download ZIP

Make pure js POST request pass the `protect_from_forgery`, without Rails helper.

Raw

js_pass_protect_from_forgery.md

csrf.js

var csrftk = $("meta[name='csrf-token']").attr("content");

// Ajax set
$(document).ajaxSend(function(e, xhr, options) {
  xhr.setRequestHeader("X-CSRF-Token", csrftk);
});

// Form set
$('form').append('<input name="authenticity_token" type="hidden" value="'+csrftk+'"/>');

reports.html.erb

<html>
  <head>
    <%= csrf_meta_tag %>
    ...
  </head>
  <body>

    ...
    <%= javascript_include_tag 'csrf' %>
  </body>
</html>