diff --git a/isso/js/app/api.js b/isso/js/app/api.js
index 9b4f8fb..a2736fb 100644
--- a/isso/js/app/api.js
+++ b/isso/js/app/api.js
@@ -85,6 +85,7 @@ define(["q"], function(Q) {
         try {
             xhr.open(method, url, true);
             xhr.withCredentials = true;
+            xhr.setRequestHeader("Content-Type", "application/json");
             if (method === "GET") {
                 xhr.setRequestHeader("X-Origin", window.location.origin);
diff --git a/isso/views/comments.py b/isso/views/comments.py
index 9db8c02..76c70eb 100644
--- a/isso/views/comments.py
+++ b/isso/views/comments.py
@@ -31,6 +31,30 @@ class JSON(Response):
         return super(JSON, self).__init__(*args, content_type='application/json')
+def xhr(func):
+    """A decorator to check for CSRF on POST/PUT/DELETE using a
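Review bot: The new `Content-Type: application/json` header is set before the `if (method === "GET")` branch, so it is sent on every request, including GETs that carry no body; the reason it matters — the server-side `xhr` decorator added in comments.py appears to use this header as its CSRF check for POST/PUT/DELETE — is not stated anywhere in the client. A one-line comment above the new line would keep the next maintainer from "tidying" it into the non-GET path or dropping it, e.g. `// application/json is not a CORS-safelisted type: a cross-origin page cannot send it without a preflight, and the server rejects state-changing requests that lack it`. Since the GET branch already adds a custom `X-Origin` header, the extra preflight on GET is presumably not a regression, but if GETs are meant to stay simple requests the header should move after the `if` instead. The enclosing request helper starts before this hunk and continues after it.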