From 77b79b32b80955192b344d99bd4ab64056905a92 Mon Sep 17 00:00:00 2001
From: Jason McBrayer <jmcbray@carcosa.net>
Date: Thu, 30 Aug 2018 18:49:12 -0400
Subject: [PATCH] Get intercooler ajax requests working with csrf protection

---
 brutaldon/settings.py         |  2 +-
 brutaldon/templates/base.html | 26 ++------------------------
 2 files changed, 3 insertions(+), 25 deletions(-)

diff --git a/brutaldon/settings.py b/brutaldon/settings.py
index 561929c..93bf1c3 100644
--- a/brutaldon/settings.py
+++ b/brutaldon/settings.py
@@ -47,7 +47,7 @@ MIDDLEWARE = [
     'django.middleware.security.SecurityMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.common.CommonMiddleware',
-    #'django.middleware.csrf.CsrfViewMiddleware',
+    'django.middleware.csrf.CsrfViewMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
diff --git a/brutaldon/templates/base.html b/brutaldon/templates/base.html
index b012e43..1d5bc1d 100644
--- a/brutaldon/templates/base.html
+++ b/brutaldon/templates/base.html
@@ -38,7 +38,8 @@
                 <link rel="icon" href="{% static "images/brutaldon.png" %}" type="image/png">
             {% endif %}
     </head>
-    <body class="has-navbar-fixed-top">
+    <body class="has-navbar-fixed-top"
+          ic-global-include='{"csrfmiddlewaretoken": "{{ csrf_token }}"}'>
         {% block navbar %}
             <nav class="navbar is-fixed-top" role="navigation"
                  aria-label="main navigation">
@@ -185,29 +186,6 @@
 
              });
 
-             $.ajaxSetup({
-                 beforeSend: function(xhr, settings) {
-                     function getCookie(name) {
-                         var cookieValue = null;
-                         if (document.cookie && document.cookie != '') {
-                             var cookies = document.cookie.split(';');
-                             for (var i = 0; i < cookies.length; i++) {
-                                 var cookie = jQuery.trim(cookies[i]);
-                                 // Does this cookie string begin with the name we want?
-                                 if (cookie.substring(0, name.length + 1) == (name + '=')) {
-                                     cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
-                                     break;
-                                 }
-                             }
-                         }
-                         return cookieValue;
-                     }
-                     if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
-                         // Only send the token to relative URLs i.e. locally.
-                         xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
-                     }
-                 }
-             });
 
             </script>
             {% block page_scripts_inline %}