fix(csrf): give CSRF token when using /ajax route

--HG-- branch : 3.32

fix(csrf): give CSRF token when using /ajax route
--HG-- branch : 3.32
1c1ce06f · Simon Chabot · 4243e256adc7 · 7959196b
Commit 1c1ce06f authored Jul 30, 2021 by Simon Chabot
--- a/cubicweb/web/data/cubicweb.ajax.js
+++ b/cubicweb/web/data/cubicweb.ajax.js
@@ -17,6 +17,24 @@
 * with CubicWeb.  If not, see <https://www.gnu.org/licenses/>.
 */

+function getCookie(name) {
+    let cookieValue = null;
+    if (document.cookie && document.cookie !== '') {
+        const cookies = document.cookie.split(';');
+        for (let i = 0; i < cookies.length; i++) {
+            const cookie = cookies[i].trim();
+            // Does this cookie string begin with the name we want?
+            if (cookie.substring(0, name.length + 1) === (name + '=')) {
+                cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
+                break;
+            }
+        }
+    }
+    return cookieValue;
+}
+
+const CSRF_TOKEN = getCookie('csrf_token');
+
 /**
 * .. function:: Deferred
 *
@@ -378,6 +396,7 @@ function loadRemote(url, form, reqtype, sync) {
            type: (reqtype || 'POST').toUpperCase(),
            data: form,
            traditional: true,
+            headers: { 'X-CSRF-Token': CSRF_TOKEN },
            async: true,

            beforeSend: function(xhr) {
@@ -415,6 +434,7 @@ function loadRemote(url, form, reqtype, sync) {
            data: form,
            traditional: true,
            async: false,
+            headers: { 'X-CSRF-Token': CSRF_TOKEN },
            success: function(res) {
                result = res;
            }