|
1 | 1 | /* utils.js - utility functions */ |
2 | 2 |
|
| 3 | +// set X-CSRFToken AJAX request header |
| 4 | +// from https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax |
| 5 | + |
| 6 | +function getCookie(name) { |
| 7 | + var cookieValue = null; |
| 8 | + if (document.cookie && document.cookie != '') { |
| 9 | + var cookies = document.cookie.split(';'); |
| 10 | + for (var i = 0; i < cookies.length; i++) { |
| 11 | + var cookie = jQuery.trim(cookies[i]); |
| 12 | + // Does this cookie string begin with the name we want? |
| 13 | + if (cookie.substring(0, name.length + 1) == (name + '=')) { |
| 14 | + cookieValue = decodeURIComponent(cookie.substring(name.length + 1)); |
| 15 | + break; |
| 16 | + } |
| 17 | + } |
| 18 | + } |
| 19 | + return cookieValue; |
| 20 | +} |
| 21 | +var csrftoken = getCookie('csrftoken'); |
| 22 | + |
| 23 | +function csrfSafeMethod(method) { |
| 24 | + // these HTTP methods do not require CSRF protection |
| 25 | + return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method)); |
| 26 | +} |
| 27 | +function sameOrigin(url) { |
| 28 | + // test that a given url is a same-origin URL |
| 29 | + // url could be relative or scheme relative or absolute |
| 30 | + var host = document.location.host; // host + port |
| 31 | + var protocol = document.location.protocol; |
| 32 | + var sr_origin = '//' + host; |
| 33 | + var origin = protocol + sr_origin; |
| 34 | + // Allow absolute or scheme relative URLs to same origin |
| 35 | + return (url == origin || url.slice(0, origin.length + 1) == origin + '/') || |
| 36 | + (url == sr_origin || url.slice(0, sr_origin.length + 1) == sr_origin + '/') || |
| 37 | + // or any other URL that isn't scheme relative or absolute i.e relative. |
| 38 | + !(/^(\/\/|http:|https:).*/.test(url)); |
| 39 | +} |
| 40 | +$.ajaxSetup({ |
| 41 | + beforeSend: function(xhr, settings) { |
| 42 | + if (!csrfSafeMethod(settings.type) && sameOrigin(settings.url)) { |
| 43 | + // Send the token to same-origin, relative URLs only. |
| 44 | + // Send the token only if the method warrants CSRF protection |
| 45 | + // Using the CSRFToken value acquired earlier |
| 46 | + xhr.setRequestHeader("X-CSRFToken", csrftoken); |
| 47 | + } |
| 48 | + } |
| 49 | +}); |
| 50 | + |
| 51 | +// end set csrftoken |
3 | 52 |
|
4 | 53 | //returns the requested GET parameter from the URL |
5 | 54 | function get_param(param) { |
@@ -79,7 +128,7 @@ function init_proceedings_upload() { |
79 | 128 | $('#slides.sortable tbody').sortable({ |
80 | 129 | axis:'y', |
81 | 130 | containment:'parent', |
82 | | - update: function(event, ui){ |
| 131 | + update: function(event, ui){ |
83 | 132 | var data = $(this).sortable("toArray"); |
84 | 133 | var element_id = ui.item.attr("id"); |
85 | 134 | var slide_name = $("tr#"+element_id+" td.hidden").text(); |
@@ -147,15 +196,15 @@ $(document).ready(function() { |
147 | 196 | } |
148 | 197 |
|
149 | 198 |
|
150 | | - // unset Primary Area selection unless it appears as URL parameter |
| 199 | + // unset Primary Area selection unless it appears as URL parameter |
151 | 200 | //if (($('#id_primary_area').length) && (get_param('primary_area') == '')) { |
152 | 201 | // $('#id_primary_area')[0].selectedIndex = -1; |
153 | 202 |
|
154 | 203 | // special features for area list page |
155 | 204 | if ($('#areas-button-list').length) { |
156 | 205 | init_area_table(); |
157 | 206 | } |
158 | | - // Setup autocomplete for adding names |
| 207 | + // Setup autocomplete for adding names |
159 | 208 | if ($('input.name-autocomplete').length) { |
160 | 209 | $('input.name-autocomplete').autocomplete({ |
161 | 210 | source: "/secr/areas/getpeople/", |
@@ -206,7 +255,7 @@ $(document).ready(function() { |
206 | 255 | init_proceedings_table(); |
207 | 256 | } |
208 | 257 |
|
209 | | - // special features for Proceedings Upload Material Page |
| 258 | + // special features for Proceedings Upload Material Page |
210 | 259 | if ($('#proceedings-upload-table').length) { |
211 | 260 | init_proceedings_upload(); |
212 | 261 | } |
|
0 commit comments