commit f89e56fc8f986bf3d563850f8bdcb83702dbaea8
author Scott Baker <smbaker@gmail.com> Tue Oct 28 16:02:05 2014 -0700
committer Scott Baker <smbaker@gmail.com> Tue Oct 28 16:02:05 2014 -0700
tree 7bf3da9db24dd460601c385580263ee50fad3923
parent 34f75905bdf3a34b58102557585133e5f1a16822

getting it from a cookie is better than sticking it in a meta tag

planetstack/core/xoslib/static/js/xoslib/xos-backbone.js

diff --git a/planetstack/core/xoslib/static/js/xoslib/xos-backbone.js b/planetstack/core/xoslib/static/js/xoslib/xos-backbone.js
index af79852..cd1c305 100644
--- a/planetstack/core/xoslib/static/js/xoslib/xos-backbone.js
+++ b/planetstack/core/xoslib/static/js/xoslib/xos-backbone.js
@@ -14,6 +14,22 @@
 
     SLICEPLUS_API = "/xoslib/slicesplus/";
 
+    function getCookie(name) {
+        var cookieValue = null;

+        if (document.cookie && document.cookie != '') {

+            var cookies = document.cookie.split(';');

+            for (var i = 0; i < cookies.length; i++) {

+                var cookie = jQuery.trim(cookies[i]);

+                // Does this cookie string begin with the name we want?

+                if (cookie.substring(0, name.length + 1) == (name + '=')) {

+                    cookieValue = decodeURIComponent(cookie.substring(name.length + 1));

+                    break;

+                }

+            }

+        }

+        return cookieValue;

+    }
+
     XOSModel = Backbone.Model.extend({
         /* from backbone-tastypie.js */
         //idAttribute: 'resource_uri',
@@ -231,7 +247,8 @@
       var _sync = Backbone.sync;

       Backbone.sync = function(method, model, options){

         options.beforeSend = function(xhr){

-          var token = $('meta[name="csrf-token"]').attr('content');

+          //var token = $('meta[name="csrf-token"]').attr('content');

+          var token = getCookie("csrftoken");

           xhr.setRequestHeader('X-CSRFToken', token);

           console.log(token);

         };

planetstack/templates/admin/base.html

diff --git a/planetstack/templates/admin/base.html b/planetstack/templates/admin/base.html
index 21f7974..dc92ca9 100644
--- a/planetstack/templates/admin/base.html
+++ b/planetstack/templates/admin/base.html
@@ -2,7 +2,6 @@
 <html lang="{{ LANGUAGE_CODE|default:"en-us" }}" {% if LANGUAGE_BIDI %}dir="rtl"{% endif %}>
 <head>
   <title>{% block title %}  {%if title %} {{ title }} | {% endif %} {{ 'ADMIN_NAME'|suit_conf }}{% endblock %}</title>
-  <meta name="csrf-token" content="{{csrf_token}}">
   <link rel="stylesheet" type="text/css" href="{% block stylesheet %}{% endblock %}"/>
   <link rel="stylesheet" type="text/css" href="{% static 'suit/bootstrap/css/bootstrap.min.css' %}" media="all"/>
   <link rel="stylesheet" type="text/css" href="{% static 'suit/css/suit.css' %}" media="all">