-rw-r--r-- | templates/web/base/common_header_tags.html | 4 | ||||
-rw-r--r-- | web/cobrands/fixmystreet/offline.js | 2 | ||||
-rw-r--r-- | web/cobrands/fixmystreet/staff.js | 2 |
3 files changed, 6 insertions, 2 deletions
diff --git a/templates/web/base/common_header_tags.html b/templates/web/base/common_header_tags.html index e64722f01..adbcf3c0b 100644 --- a/templates/web/base/common_header_tags.html +++ b/templates/web/base/common_header_tags.html @@ -6,6 +6,10 @@ id="js-meta-data" data-page="[% page %]" data-cobrand="[% c.cobrand.moniker %]"> +[% IF csrf_token %] + <meta content="[% csrf_token %]" name="csrf-token" /> +[% END %] + <!--[if (lt IE 9)]> <script src="[% version('/js/html5shiv.js') %]""></script> <![endif]--> diff --git a/web/cobrands/fixmystreet/offline.js b/web/cobrands/fixmystreet/offline.js index e6e50d3e8..573972d18 100644 --- a/web/cobrands/fixmystreet/offline.js +++ b/web/cobrands/fixmystreet/offline.js @@ -70,7 +70,7 @@ fixmystreet.offlineBanner = (function() { } // In case the request failed due to out-of-date CSRF token, // try once more with a new token given in the error response. - var m = jqXHR.responseText.match(/name="token" value="([^"]*)"/); + var m = jqXHR.responseText.match(/content="([^"]*)" name="csrf-token"/); if (!m) { return nextForm(); } diff --git a/web/cobrands/fixmystreet/staff.js b/web/cobrands/fixmystreet/staff.js index d808d4ad9..a635f4858 100644 --- a/web/cobrands/fixmystreet/staff.js +++ b/web/cobrands/fixmystreet/staff.js @@ -105,7 +105,7 @@ $.extend(fixmystreet.set_up, { var parts = whatUserWants.split('-'); whatUserWants = parts[0] + '-' + parts[1]; report_id = parts[2]; - var token = $('[name=token]').val(); + var token = $('meta[name="csrf-token"]').attr('content'); data = whatUserWants + '=1&token=' + token + '&id=' + report_id; } else { var $form = $(this).parents('form'); |
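Review bot: In templates/web/base/common_header_tags.html the token is now written into the head of every page rendered with `csrf_token` set, not only into forms. Any such page kept by a shared cache or proxy would hand one user's token to another, and the hunk does not show what cache headers these pages get, so that is worth confirming. The value is also interpolated into the `content` attribute with no visible filter; if this template set does not auto-escape, `content="[% csrf_token | html %]"` keeps the attribute well-formed whatever alphabet the token uses. A template comment next to the tag, such as `[%# session-bound token: responses carrying it must not be publicly cacheable %]`, would record the constraint.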
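Review bot: In web/cobrands/fixmystreet/offline.js the new pattern `/content="([^"]*)" name="csrf-token"/` matches only while the template keeps exactly this attribute order, spacing and double quoting. Any reformatting of the `<meta>` tag makes `m` null, and the code then falls through to `nextForm()` without retrying, with nothing to signal that the CSRF retry has stopped working. At minimum add a comment on that line, `// Must stay in sync with the <meta name="csrf-token"> markup in templates/web/base/common_header_tags.html`; reading the tag from a parsed copy of the response would remove the dependency altogether. The enclosing callback starts and ends outside the hunk, so how `m[1]` is used afterwards is not visible here.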
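Review bot: In web/cobrands/fixmystreet/staff.js the new lookup returns `undefined` whenever the template omitted the tag, which it does unless `csrf_token` is set (`[% IF csrf_token %]`). The next line then sends the literal `token=undefined`, which the server would presumably reject as a CSRF failure with no hint of the cause. The value is also concatenated into the form-encoded string unescaped, so a token containing `+`, `&` or `=` would arrive altered. `var token = encodeURIComponent($('meta[name="csrf-token"]').attr('content') || '');` covers both, ideally with an early return when the token is empty. The handler's body continues outside the hunk.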