-
Notifications
You must be signed in to change notification settings - Fork 4
Version 1.7 Allow configuration of CSRF token name
This version allows configuration of the CSRF token parameter name to facilitate integration with Django. Previously the CSRF token name was hard coded to always be submitted as a parametter named "pageLoadTimeStamp". Now the developer can submit this value as any name desired by changing the value of the "pageLoadTimeStampParamName" global variable. In the case of Django the developer would include the variable as shown below
var signInPageURI = "";
// this timestamp variable functions as your csrf token for async calls
var pageLoadTimeStamp = "{{ csrf_token }}";
var pageLoadTimeStampParamName="csrfmiddlewaretoken";
var modalTargetSpacing = 10;
The freedom to do this became imperitive because Django requires a token be sent with all POST requests unless this enforcement is specifically disabled for each url mapping.