id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
15284	CSRF/Ajax/jQuery example could break other site JS	LukeMaurer	nobody	"The example given for setting up jQuery to pass the CSRF token in Ajax requests (http://docs.djangoproject.com/en/1.2/ref/contrib/csrf/#ajax) has a problem: If the site already uses `$.ajaxSetup({beforeSend: ...})` for other processing, this code will clobber that other handler (or vice versa).

The [http://api.jquery.com/jQuery.ajaxSetup/ jQuery docs] suggest using `$.ajaxSend()` and friends for setting up global callbacks, rather than `$.ajaxSetup()`, I suspect for this reason.

At any rate, using jQuery's suggestion would make the example look like:

{{{
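// .ajaxSend() is a method on a jQuery collection, not a static $.ajaxSend(),
// so the global handler is bound on document. Handlers bound this way add up
// and leave any existing $.ajaxSetup({beforeSend: ...}) untouched.
$(document).ajaxSend(function(event, xhr, settings) {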
    function getCookie(name) {
        var cookieValue = null;
        if (document.cookie && document.cookie != '') {
            var cookies = document.cookie.split(';');
            for (var i = 0; i < cookies.length; i++) {
                var cookie = jQuery.trim(cookies[i]);
                // Does this cookie string begin with the name we want?
                if (cookie.substring(0, name.length + 1) == (name + '=')) {
                    cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
                    break;
                }
            }
        }
        return cookieValue;
    }
    if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
        // Only send the token to relative URLs i.e. locally.
        xhr.setRequestHeader(""X-CSRFToken"", getCookie('csrftoken'));
    }
});
}}}

(where only the outer function call and the signature of the callback have changed)"		closed	Documentation	1.2		fixed			Accepted	0	0	0	0	0	0
