Set X-CSRF-Token on HTTP requests

https://github.com/emberjs/ember-rails#csrf-token https://github.com/thoughtbot/ember-cli-rails#csrf-tokens When `ember-cli-rails` embeds the CSRF meta tags, this initializer configures the host app to recognize them and set them as outgoing HTTP headers to play nice with the Rails app's CSRF protection.
rondale-sc · Nov 10, 2015 · 32a0d16 · 32a0d16
1 parent 2f2a47e
commit 32a0d16
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/app/initializers/csrf.js b/app/initializers/csrf.js
@@ -0,0 +1,14 @@
+import Ember from 'ember';
+
+const { $ } = Ember;
+
+export default {
+  name: 'ember-cli-rails-addon:csrf',
+
+  initialize() {
+    $.ajaxPrefilter((options, originalOptions, xhr) => {
+      const token = $('meta[name="csrf-token"]').attr('content');
+      xhr.setRequestHeader('X-CSRF-Token', token);
+    });
+  },
+};