问题描述

Django的已经更新到1.3，而事实上自从1.2.5，它扩展了方案，跨站请求伪造保护令牌传递到XMLHtt prequests。 Django的人提供有益 jQuery的一个例子，以应用每一个XHR特定的头。

Django has been updated to 1.3, and in fact ever since 1.2.5, it has extended the scheme to pass a Cross Site Request Forgery protection token to XMLHttpRequests. The Django folks helpfully provide an example for jQuery to apply a specific header to every XHR.

原型（因此Scriptaculous的）必须遵守该方案，但我不能找到一种方法来告诉原型添加X-CSRFToken头。最好是在它适用于整个应用程序（如jQuery的）的方式做一次。

Prototype (and thus Scriptaculous) have to comply to this scheme, yet I can't find a way to tell prototype to add the X-CSRFToken header. The best would be to do it once in a way that applies it across the app (like for jQuery).

有没有办法做到这一点？

Is there a way to do that?

推荐答案

这是胡乱猜测，但你可以尝试的基AJAX类...

This is a wild guess but you could try extending the base AJAX class...

Ajax.Base.prototype.initialize = Ajax.Base.prototype.initialize.wrap(
    function (callOriginal, options) {
        var headers = options.requestHeaders || {};
        headers["X-CSRFToken"] = getCookie("csrftoken");
        options.requestHeaders = headers;
        return callOriginal(options);
    }
);

这篇关于针对CSRF基于保护的prototype.js XHR请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！