Commit 87fa64ca authored by Luke Plant's avatar Luke Plant

[1.2.X] Fixed #15869 - example AJAX code in CSRF docs fails sometimes for IE7...

[1.2.X] Fixed #15869 - example AJAX code in CSRF docs fails sometimes for IE7 or absolute same origin URLs

Thanks to nick for the report.

Backport of [16183] from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@16185 bcc190cf-cafb-0310-a4f2-bffc1f526a37
parent 1dc51855
+14 −3
@@ -96,7 +96,7 @@ that allow headers to be set on every request. In jQuery, you can use the

.. code-block:: javascript

    $('html').ajaxSend(function(event, xhr, settings) {
    $(document).ajaxSend(function(event, xhr, settings) {
        function getCookie(name) {
            var cookieValue = null;
            if (document.cookie && document.cookie != '') {
@@ -112,8 +112,19 @@ that allow headers to be set on every request. In jQuery, you can use the
            }
            return cookieValue;
        }
        if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
            // Only send the token to relative URLs i.e. locally.
        function sameOrigin(url) {
            // url could be relative or scheme relative or absolute
            var host = document.location.host; // host + port
            var protocol = document.location.protocol;
            var sr_origin = '//' + host;
            var origin = protocol + sr_origin;
            // Allow absolute or scheme relative URLs to same origin
            return (url == origin || url.slice(0, origin.length + 1) == origin + '/') ||
                (url == sr_origin || url.slice(0, sr_origin.length + 1) == sr_origin + '/') ||
                // or any other URL that isn't scheme relative or absolute i.e relative.
                !(/^(\/\/|http:|https:).*/.test(url));
        }
        if (sameOrigin(settings.url)) {
            xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
        }
    });
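Review bot: The scheme test on the last line of sameOrigin, `/^(\/\/|http:|https:).*/`, is case-sensitive, so a URL whose scheme is written in upper case (a constructed example: `HTTP://other-host/`) matches neither of the origin comparisons nor the regex and falls through as "relative", which sends the token to another host; adding the `i` flag, `!(/^(\/\/|http:|https:).*/i.test(url))`, closes that gap. It is presumably also worth noting in the surrounding prose that browsers which fold `\` into `/` would treat a leading `/\` the same as `//`, so the relative-URL fallback is only as strict as the scheme test above it — worth confirming before relying on it. The origin comparisons use `==` where `===` is the conventional strict form and would not change behaviour here. The `$(document).ajaxSend` callback that encloses this hunk starts in the earlier hunk.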