This queue is for tickets about the Mojolicious-Plugin-CSRFDefender CPAN distribution.

Report information
The Basics
Id: 67350
Status: new
Priority: 0/
Queue: Mojolicious-Plugin-CSRFDefender

People
Owner: Nobody in particular
Requestors: KOORCHIK [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Wishlist
Broken in: (no value)
Fixed in: (no value)



Subject: CSRF protection in AJAX.
Hi, Yuki.

I like your plugin. It would also be great to have protection in AJAX for 'PUT', 'POST', 'DELETE' methods, like in Ruby on Rails.

For example, you can add a helper like <%= csrf_protection_for_jquery_ajax %> which will insert some code like this (I have not tested it):

From rails.js:

    // Make sure that every Ajax request sends the CSRF token
    function CSRFProtection(xhr) {
      var token = $('meta[name="csrf-token"]').attr('content');
      if (token) xhr.setRequestHeader('X-CSRF-Token', token);
    }
    if ('ajaxPrefilter' in $) $.ajaxPrefilter(function(options, originalOptions, xhr){ CSRFProtection(xhr) });
    else $(document).ajaxSend(function(e, xhr){ CSRFProtection(xhr) });

==========================================

Or this (found on the Internet):

    $.ajaxSetup({
      beforeSend: function(xhr) {
        xhr.setRequestHeader('X-CSRF-Token', $('meta[name="csrf-token"]').attr('content'));
      }
    });

=========================================
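An added example, not part of the ticket or of the plugin: both snippets above set X-CSRF-Token on every request jQuery sends, so this variant limits the header to same-origin, state-changing requests and keeps the token away from other origins. The names csrfHeadersFor and isSameOrigin are hypothetical; the header name and meta selector are the ones quoted in the ticket.

```javascript
// Added example: attach X-CSRF-Token only to same-origin, state-changing requests.
// Safe methods per RFC 9110; anything else (the ticket's PUT, POST, DELETE) changes state.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// True when `url` (absolute or relative) resolves to the same origin as the page.
function isSameOrigin(url, pageOrigin) {
  try {
    return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
  } catch (e) {
    return false; // unparsable URL: fail closed, do not send the token
  }
}

// Returns the headers to add for one request: {} or { 'X-CSRF-Token': token }.
function csrfHeadersFor(method, url, pageOrigin, token) {
  const m = String(method || 'GET').toUpperCase();
  if (!token || SAFE_METHODS.has(m)) return {};
  if (!isSameOrigin(url, pageOrigin)) return {}; // never send the token cross-origin
  return { 'X-CSRF-Token': token };
}

// Browser wiring; skipped when jQuery or a DOM is not present.
if (typeof $ !== 'undefined' && typeof document !== 'undefined' && $.ajaxPrefilter) {
  $.ajaxPrefilter(function (options, originalOptions, xhr) {
    const token = $('meta[name="csrf-token"]').attr('content');
    const headers = csrfHeadersFor(options.type, options.url, window.location.origin, token);
    Object.keys(headers).forEach(function (name) {
      xhr.setRequestHeader(name, headers[name]);
    });
  });
}
```

The server still has to compare the header against the token stored in the session for every state-changing request; the client-side filter only controls where the token is sent.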