author Marius Mathiesen <marius@gitorious.org> 2013-01-18 09:29:25 (GMT)
committer Marius Mathiesen <marius@gitorious.org> 2013-01-18 09:29:25 (GMT)
commit 91a24c70073a770edf91b73790cb38492fd7d6f6
tree 9a618e310e6a3f38f9d8e060fa36480b85d6ab2a
parent ded49bbc1b9922f4f89343baec1829b5439d4d87
Supply the csrf token in <head>, pass it along on xhrs
This resolves issue #149, which would cause users to receive a 406 when doing AJAX requests and be logged out in the process.
-rw-r--r-- app/views/layouts/_common_head.html.erb 1
-rw-r--r-- public/javascripts/gitorious/jquery.js 1
2 files changed, 2 insertions, 0 deletions
diff --git a/app/views/layouts/_common_head.html.erb b/app/views/layouts/_common_head.html.erb
index 4bb433c..c161371 100644
--- a/app/views/layouts/_common_head.html.erb
+++ b/app/views/layouts/_common_head.html.erb
@@ -30,4 +30,5 @@
<%= yield :extra_head -%>
<!--[if IE 8]><link rel="stylesheet" href="/stylesheets/ie8.css" type="text/css"><![endif]-->
<!--[if IE 7]><link rel="stylesheet" href="/stylesheets/ie7.css" type="text/css"><![endif]-->
+<%= csrf_meta_tag %>
<%= GitoriousConfig["extra_html_head_data"] -%>
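Review bot: this commit emits the token only from the `_common_head` partial (the added `<%= csrf_meta_tag %>` line), so any layout that loads gitorious/jquery.js without rendering this partial will have no `csrf-token` meta tag for the script to read. Worth confirming that every layout which can issue XHRs includes the partial. The tag also sits directly above the operator-supplied `GitoriousConfig["extra_html_head_data"]` output, so markup or scripts configured there share the page with the token and should be treated as trusted. Style: the neighbouring ERB output tags close with `-%>`, while the added line closes with `%>`; matching them keeps whitespace handling consistent.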
diff --git a/public/javascripts/gitorious/jquery.js b/public/javascripts/gitorious/jquery.js
index e6c0ce4..0974456 100644
--- a/public/javascripts/gitorious/jquery.js
+++ b/public/javascripts/gitorious/jquery.js
@@ -25,6 +25,7 @@
$.ajaxSetup({
"beforeSend": function (xhr) {
xhr.setRequestHeader("Accept", "text/javascript");
+ xhr.setRequestHeader('X-CSRF-Token', $('meta[name="csrf-token"]').attr('content'))
},
"complete": function () {
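Review bot: the added `xhr.setRequestHeader('X-CSRF-Token', ...)` line in `beforeSend` runs unconditionally for every request that goes through `$.ajaxSetup`, with no check on the token value or on the destination. If the page has no `csrf-token` meta tag, `.attr('content')` returns undefined and the header is set from that; and a request to another origin could carry the session's token to that host. Suggest reading the token into a variable, setting the header only when it is non-empty, and skipping it for cross-origin requests (jQuery passes the request settings as the second argument to `beforeSend`, which can be used for that check). Style: the added line has no trailing semicolon and uses single quotes where the line above it uses double quotes.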