From 02209eae5ad8ec57ee8b985058a4aa788a1a5767 Mon Sep 17 00:00:00 2001
From: Alvin
Date: Wed, 2 Mar 2011 19:03:24 -0800
Subject: [PATCH 01/11] Edited to show what I am about to change
---
README.md | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/README.md b/README.md
index e75848cb..d1f61afa 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,20 @@
+jquery-ujs for Django
+========================================
+Works like the old one. Since Django's CsrfMiddleware doesn't:
+
+- give you an easy way to make the meta tag
+- send the token in the header
+
+I modified it. It's still called rails.js in the repo, though.
+
+It instead sends the token the way django wants it, which is as an additional POST parameter named 'csrfmiddlewaretoken'. To get the token, it uses the selector "#csrf_token input" and reads the resulting element's value attribute. The easiest way to set this up is to put something like
+
+
{% csrf_token %}
+
+in your template.
+
+Also, I haven't updated the tests to reflect the new tag placement.
+
Unobtrusive scripting adapter for jQuery
========================================
From 6e18da1d7964d3574ccf153beadde8fe2f3e88ef Mon Sep 17 00:00:00 2001
From: Alvin Liang
Date: Wed, 2 Mar 2011 22:05:21 -0500
Subject: [PATCH 02/11] change rails.js for django
---
src/rails.js | 35 ++++++++++++++++++++++++-----------
1 file changed, 24 insertions(+), 11 deletions(-)
diff --git a/src/rails.js b/src/rails.js
index e99d49e9..dfe06d62 100644
--- a/src/rails.js
+++ b/src/rails.js
@@ -3,17 +3,26 @@
*
* Requires jQuery 1.4.3 or later.
* https://github.com/rails/jquery-ujs
+ * Django modification
+ * https://github.com/aliang/jquery-ujs-django
*/
-
(function($) {
+ function getCSRFToken() {
+ return $('#csrf_token input').val();
+ }
+
+ function getCSRFParam() {
+ return 'csrfmiddlewaretoken';
+ }
+
// Make sure that every Ajax request sends the CSRF token
- function CSRFProtection(xhr) {
- var token = $('meta[name="csrf-token"]').attr('content');
- if (token) xhr.setRequestHeader('X-CSRF-Token', token);
+ function CSRFProtection(options) {
+ var token = getCSRFToken();
+ if (token) options[getCSRFParam()] = token;
}
- if ('ajaxPrefilter' in $) $.ajaxPrefilter(function(options, originalOptions, xhr){ CSRFProtection(xhr) });
- else $(document).ajaxSend(function(e, xhr){ CSRFProtection(xhr) });
-
+ if ('ajaxPrefilter' in $) $.ajaxPrefilter(function(options, originalOptions, xhr){ CSRFProtection(options) });
+ else $(document).ajaxSend(function(e, xhr, options){ CSRFProtection(options) });
+
// Triggers an event on an element and returns the event result
function fire(obj, name, data) {
var event = new $.Event(name);
@@ -68,11 +77,15 @@
function handleMethod(link) {
var href = link.attr('href'),
method = link.attr('data-method'),
- csrf_token = $('meta[name=csrf-token]').attr('content'),
- csrf_param = $('meta[name=csrf-param]').attr('content'),
+ // getting token for Django, not rails
+ csrf_token = getCSRFToken(),
+ csrf_param = getCSRFParam(),
form = $(''),
- metadata_input = '';
+ // only for Rails
+ // metadata_input = '';
+ metadata_input = '';
+ console.log(csrf_token);
if (csrf_param !== undefined && csrf_token !== undefined) {
metadata_input += '';
}
@@ -154,4 +167,4 @@
$('form').live('ajax:complete.rails', function(event) {
if (this == event.target) enableFormElements($(this));
});
-})( jQuery );
+})( jQuery );
\ No newline at end of file
From b9573052e7805b535f561d38a5bc378b45a48a83 Mon Sep 17 00:00:00 2001
From: Alvin
Date: Wed, 2 Mar 2011 19:06:47 -0800
Subject: [PATCH 03/11] minor clarifications
---
README.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index d1f61afa..b352eb4a 100644
--- a/README.md
+++ b/README.md
@@ -2,8 +2,8 @@ jquery-ujs for Django
========================================
Works like the old one. Since Django's CsrfMiddleware doesn't:
-- give you an easy way to make the meta tag
-- send the token in the header
+- give you an easy way to make the meta tag that Rails uses
+- look for the CSRF token in the HTTP headers
I modified it. It's still called rails.js in the repo, though.
From 4288cd95c736941cd563d835830cc7f83478a6e2 Mon Sep 17 00:00:00 2001
From: Alvin
Date: Wed, 2 Mar 2011 19:07:57 -0800
Subject: [PATCH 04/11] clarify what the rest of the document is
---
README.md | 2 ++
1 file changed, 2 insertions(+)
diff --git a/README.md b/README.md
index b352eb4a..d4bac537 100644
--- a/README.md
+++ b/README.md
@@ -15,6 +15,8 @@ in your template.
Also, I haven't updated the tests to reflect the new tag placement.
+Old README is below.
+
Unobtrusive scripting adapter for jQuery
========================================
From 56dde817f23b3d7ca7023131ac7115d2b7dbf4ab Mon Sep 17 00:00:00 2001
From: Alvin
Date: Thu, 10 Mar 2011 12:26:18 -0800
Subject: [PATCH 05/11] html that validates (input from csrf_token template tag
should be in form)
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index d4bac537..37a0dff1 100644
--- a/README.md
+++ b/README.md
@@ -9,7 +9,7 @@ I modified it. It's still called rails.js in the repo, though.
It instead sends the token the way django wants it, which is as an additional POST parameter named 'csrfmiddlewaretoken'. To get the token, it uses the selector "#csrf_token input" and reads the resulting element's value attribute. The easiest way to set this up is to put something like
-