From d9bf45d417b3c8f5e57e144ec387327347f0b73f Mon Sep 17 00:00:00 2001 From: christianalfoni Date: Sat, 7 Mar 2015 11:12:05 +0100 Subject: [PATCH] Added CSRF token handling --- README.md | 4 ++++ src/main.js | 6 ++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index a4dfd87..8dab642 100644 --- a/README.md +++ b/README.md @@ -68,6 +68,10 @@ The main concept is that forms, inputs and validation is done very differently a ## Changes +**0.7.2**: + - isNumber validation now supports float (Thanks @hahahana) + - Form XHR calls now includes CSRF headers, if exists (Thanks @hahahana) + **0.7.1** - Fixed bug where external update of value on pristine form element did not update the form model (Thanks @sdemjanenko) - Fixed bug where children are null/undefined (Thanks @sdemjanenko) diff --git a/src/main.js b/src/main.js index 5d94bc2..22ec643 100644 --- a/src/main.js +++ b/src/main.js @@ -56,6 +56,7 @@ var toURLEncoded = function (element, key, list) { return list.join('&'); }; +var csrfTokenSelector = document.querySelector('meta[name="csrf-token"]'); var request = function (method, url, data, contentType, headers) { var contentType = contentType === 'urlencoded' ? 'application/' + contentType.replace('urlencoded', 'x-www-form-urlencoded') : 'application/json'; @@ -68,8 +69,9 @@ var request = function (method, url, data, contentType, headers) { xhr.setRequestHeader('Accept', 'application/json'); xhr.setRequestHeader('Content-Type', contentType); - var csrfTokenSelector = document.querySelector('meta[name="csrf-token"]'); - if (!! csrfTokenSelector && !! csrfTokenSelector.content) xhr.setRequestHeader('X-CSRF-Token', csrfTokenSelector.content); + if (!!csrfTokenSelector && !!csrfTokenSelector.content) { + xhr.setRequestHeader('X-CSRF-Token', csrfTokenSelector.content); + } // Add passed headers Object.keys(headers).forEach(function (header) {