#= require ./dom
{ $ } = Quails
# Up-to-date Cross-Site Request Forgery token csrfToken = Quails.csrfToken = ->
meta = document.querySelector('meta[name=csrf-token]') meta and meta.content
# URL param that must contain the CSRF token csrfParam = Quails.csrfParam = ->
meta = document.querySelector('meta[name=csrf-param]') meta and meta.content
# Make sure that every Ajax request sends the CSRF token Quails
.CSRFProtection = (xhr) ->
token = csrfToken() xhr.setRequestHeader('X-CSRF-Token', token) if token?
# Make sure that all forms have actual up-to-date tokens (cached forms contain old ones) Quails.refreshCSRFTokens = ->
token = csrfToken() param = csrfParam() if token? and param? $('form input[name="' + param + '"]').forEach (input) -> input.value = token